feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #7685 from dgarske/renesas_rx_tsip

Browse Source 
Renesas RX TSIP ECDSA support
This commit is contained in:
Sean Parkinson
2024-07-19 10:53:00 +10:00
committed by GitHub
parent 47dcac657c 4eab0f1231
commit e6fcd488a6
32 changed files with 987 additions and 751 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@ -584,7 +584,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -605,7 +605,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024

4
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024

4
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
View File

@ -132,7 +132,7 @@
#define WOLFSSL_SHA384
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* Some known low-memory devices have features not enabled by default. */
/* Some known low-memory devices have features not enabled by default. */
#else
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
@ -140,7 +140,7 @@
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#define HAVE_ECC

4
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
View File

@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024

6
IDE/GCC-ARM/Header/user_settings.h
View File

@ -250,10 +250,10 @@ extern "C" {
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */

26
IDE/HEXAGON/user_settings.h
View File

@ -13,25 +13,25 @@
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#ifdef HAVE_ECC
#define ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#endif
#ifndef NO_RSA
#define WC_RSA_BLINDING
#define WC_RSA_BLINDING
#endif
#if 1
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_MATH
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_MATH
#if 1
/* ARM NEON instructions */
#define WOLFSSL_SP_ARM64_ASM
#endif
#if 1
/* Use DSP */
#define WOLFSSL_DSP
#endif
#if 1
/* ARM NEON instructions */
#define WOLFSSL_SP_ARM64_ASM
#endif
#if 1
/* Use DSP */
#define WOLFSSL_DSP
#endif
#endif
#endif

2
IDE/M68K/README.md
View File

@ -34,7 +34,7 @@ BUILD_C
RSA 2048 public 7.619 ops/sec
RSA 2048 private 0.276 ops/sec
###Building testwolfcryt/benchmark
###Building testwolfcrypt/benchmark
To build either testwolfcrypt or benchmark first build wolfssl.a, place it in
$(NBROOT)/lib and then cd into the respective directory. Running "make" will
then create a .s19 application that can be ran on the board.

22
IDE/MCUEXPRESSO/RT1170/user_settings.h
View File

@ -53,7 +53,7 @@
/* using the RTC */
//#define NO_ASN_TIME
#ifndef NO_ASN_TIME
#define FREESCALE_SNVS_RTC
#define FREESCALE_SNVS_RTC
#endif
#define NO_CRYPT_TEST
@ -64,19 +64,19 @@
#include <stdarg.h>
static void myPrintf(const char* fmt, ...)
{
int ret;
char line[150];
va_list ap;
int ret;
char line[150];
va_list ap;
va_start(ap, fmt);
ret = vsnprintf(line, sizeof(line), fmt, ap);
line[sizeof(line)-1] = '\0';
va_start(ap, fmt);
ret = vsnprintf(line, sizeof(line), fmt, ap);
line[sizeof(line)-1] = '\0';
DbgConsole_Printf("%s", line);
DbgConsole_Printf("%s", line);
/* add CR on newlines */
if (ret > 0 && line[ret-1] == '\n') {
DbgConsole_Printf("\r");
/* add CR on newlines */
if (ret > 0 && line[ret-1] == '\n') {
DbgConsole_Printf("\r");
}
}
#define XPRINTF myPrintf

26
IDE/MCUEXPRESSO/user_settings.h
View File

@ -40,19 +40,19 @@
#include <stdarg.h>
static void myPrintf(const char* fmt, ...)
{
int ret;
char line[150];
va_list ap;
int ret;
char line[150];
va_list ap;
va_start(ap, fmt);
ret = vsnprintf(line, sizeof(line), fmt, ap);
line[sizeof(line)-1] = '\0';
va_start(ap, fmt);
ret = vsnprintf(line, sizeof(line), fmt, ap);
line[sizeof(line)-1] = '\0';
DbgConsole_Printf("%s", line);
DbgConsole_Printf("%s", line);
/* add CR on newlines */
if (ret > 0 && line[ret-1] == '\n') {
DbgConsole_Printf("\r");
/* add CR on newlines */
if (ret > 0 && line[ret-1] == '\n') {
DbgConsole_Printf("\r");
}
}
#define XPRINTF myPrintf
@ -70,9 +70,9 @@
#define USE_FAST_MATH
#ifdef USE_FAST_MATH
/* big enough for even 4096 bit RSA key */
#define FP_MAX_BITS 8192
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define FP_MAX_BITS 8192
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define ALT_ECC_SIZE
#endif

2
IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
View File

@ -78,7 +78,7 @@ typedef int socklen_t ;
#define tcp_listen wolfssl_tcp_listen
#define tcp_select wolfssl_tcp_select
extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ;
extern int wolfssl_connect(int sd, const struct sockaddr* sa, int sz) ;
extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen);
extern int wolfssl_recv(int sd, void *buf, size_t len, int flags);
extern int wolfssl_send(int sd, const void *buf, size_t len, int flags);

12
IDE/MSVS-2019-AZSPHERE/user_settings.h
View File

@ -31,9 +31,9 @@
#ifndef SERVER_IP
#define SERVER_IP "192.168.1.200" /* Local Test Server IP */
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 11111
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 11111
#endif
#define CERT ca_cert_der_2048
#define SIZEOF_CERT sizeof_ca_cert_der_2048
static const char msg[] = "Are you listening wolfSSL Server?";
@ -41,9 +41,9 @@
#ifndef SERVER_IP
#define SERVER_IP "www.wolfssl.com"
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 443
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 443
#endif
#define CERT wolfssl_website_root_ca
#define SIZEOF_CERT sizeof_wolfssl_website_root_ca
static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";

4
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c
View File

@ -21,8 +21,8 @@
#include <wolfssl/wolfcrypt/wc_port.h>
#define YEAR 2023
#define MON 5
#define YEAR 2024
#define MON 7
static int tick = 0;

105
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
View File

@ -1,6 +1,6 @@
/* simpel_tls_tsip_client.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -31,7 +31,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#endif
#define SIMPLE_TLSSEVER_IP "192.168.11.9"
#define SIMPLE_TLSSEVER_IP "192.168.11.5"
#define SIMPLE_TLSSERVER_PORT "11111"
ER t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@ -198,7 +198,7 @@ void wolfSSL_TLS_client( )
{
ID cepid = 1;
ER ercd;
int ret;
int ret = 0;
WOLFSSL_CTX *ctx = (WOLFSSL_CTX *)client_ctx;
WOLFSSL *ssl = NULL;
@ -231,44 +231,95 @@ void wolfSSL_TLS_client( )
}
#ifdef SIMPLE_TLS_TSIP_CLIENT
tsip_set_callback_ctx(ssl, &userContext);
ret = tsip_set_callback_ctx(ssl, &userContext);
#endif
/* set client private key data */
#if defined(WOLFSSL_TLS13) && defined(SIMPLE_TLS_TSIP_CLIENT)
#if defined(USE_ECC_CERT)
if (tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
#ifdef USE_ECC_CERT
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* TSIP specific ECC private key */
if (ret == 0){
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256) != 0) {
printf("ERROR: can't load client-private key\n");
return;
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
}
}
# if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (ret == 0){
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
TSIP_ECCP256);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
}
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
#else
if (tsip_use_PrivateKey_buffer_TLS(ssl,
/* DER format ECC private key */
if (ret == 0) {
ret = wolfSSL_use_PrivateKey_buffer(ssl,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
WOLFSSL_FILETYPE_ASN1);
if (ret != SSL_SUCCESS) {
printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#else
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Note: TSIP asks RSA client key pair for client authentication. */
/* TSIP specific RSA private key */
if (ret == 0) {
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048) != 0) {
printf("ERROR: can't load client-private key\n");
return;
TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
}
}
if (ret == 0) {
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key), TSIP_RSA2048);
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
TSIP_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer: %d\n", ret);
return;
printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
}
#endif
#else
if (wolfSSL_use_PrivateKey_buffer(ssl,
ecc_clikey_der_256,
sizeof_ecc_clikey_der_256,
SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
printf("ERROR: can't load private-key data.\n");
return;
}
#endif /* WOLFSSL_TLS13 */
#else
if (ret == 0) {
err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
if (err != SSL_SUCCESS) {
printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
wolfSSL_get_error(ssl, 0));
ret = -1;
}
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#endif /* USE_ECC_CERT */
/* set callback context */
wolfSSL_SetIOReadCtx(ssl, (void *)&cepid);

372
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c
View File

@ -1,6 +1,6 @@
/* key_data.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -31,43 +31,43 @@ const st_key_block_data_t g_key_block_data =
{
/* uint8_t encrypted_provisioning_key[R_TSIP_AES_CBC_IV_BYTE_SIZE * 2]; */
{
0xDF, 0x78, 0x49, 0x28, 0xA9, 0x4C, 0x36, 0xD6, 0xC9, 0x89, 0x98, 0xDF,
0xFF, 0xB1, 0xCB, 0xBC, 0x9F, 0xF4, 0x34, 0xCD, 0x81, 0x53, 0x67, 0xB3,
0xFC, 0x85, 0xC6, 0x0B, 0xA2, 0xC8, 0xF4, 0x83
0x68, 0x03, 0xA1, 0x95, 0x3B, 0x93, 0x12, 0xCC, 0x86, 0x5A, 0x3E, 0x24,
0xF7, 0xDD, 0x22, 0x31, 0xEC, 0xAB, 0x42, 0x8B, 0x90, 0xC2, 0x8E, 0xDF,
0x56, 0xB3, 0xAE, 0x3A, 0x99, 0x05, 0x34, 0xCD
},
/* uint8_t iv[R_TSIP_AES_CBC_IV_BYTE_SIZE]; */
{
0xF6, 0xA9, 0x83, 0x5A, 0xA1, 0x65, 0x1D, 0x28, 0xC8, 0x1A, 0xA6, 0x9D,
0x34, 0xB2, 0x4D, 0x92
0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23, 0x45, 0x67, 0x89, 0x01, 0x23,
0x45, 0x67, 0x89, 0x01
},
/* uint8_t
/* uint8_t
* encrypted_user_rsa2048_ne_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16];
*/
{
0xC8, 0x12, 0x94, 0x44, 0x43, 0x35, 0x82, 0x09, 0xF2, 0x54, 0x69, 0xB6,
0x9B, 0x8E, 0x6F, 0x92, 0xE3, 0x3A, 0xB2, 0x55, 0x63, 0x8D, 0xDB, 0x47,
0x75, 0x8D, 0x9D, 0x56, 0xD7, 0x7F, 0x42, 0x3A, 0x04, 0x4C, 0xAA, 0xF1,
0x94, 0x9C, 0x8C, 0x97, 0xAF, 0x5C, 0xBA, 0x0E, 0xBD, 0x8A, 0xE3, 0x67,
0x3E, 0xF8, 0x4C, 0x8E, 0xB7, 0x71, 0xB0, 0xCE, 0x09, 0x3C, 0xEC, 0x9C,
0xCC, 0x81, 0x9D, 0x37, 0x9E, 0x34, 0x39, 0x6D, 0xF0, 0x7D, 0x1A, 0x4A,
0xEB, 0xF5, 0x99, 0x91, 0xE1, 0xB0, 0x99, 0x72, 0xB3, 0xF3, 0x2B, 0xE1,
0x6F, 0x5B, 0xD4, 0xA3, 0xB9, 0x9C, 0xEB, 0x95, 0xC3, 0xB2, 0x8F, 0x5C,
0x58, 0xD5, 0x0A, 0xAA, 0x02, 0x01, 0xBF, 0xE1, 0xE9, 0x23, 0xFB, 0x03,
0xCF, 0x54, 0x6D, 0x29, 0xE7, 0x5E, 0x96, 0x51, 0x68, 0x6B, 0xDD, 0x06,
0x67, 0x5E, 0x84, 0x50, 0x21, 0x50, 0x78, 0x89, 0x80, 0xF8, 0x61, 0x9C,
0xBE, 0xDA, 0x75, 0x55, 0x1A, 0xE6, 0x3C, 0xA5, 0x1C, 0xE4, 0x5A, 0x5C,
0x68, 0x7C, 0x48, 0xC7, 0x6A, 0xC9, 0x80, 0x54, 0x31, 0xE7, 0x65, 0x8A,
0x13, 0xF3, 0x6D, 0x0F, 0xB3, 0x62, 0x8D, 0x1B, 0xEA, 0x71, 0x12, 0x86,
0x50, 0x98, 0xA3, 0x8E, 0x64, 0x1D, 0x3E, 0xA4, 0x5A, 0x99, 0xB3, 0xBD,
0x3E, 0x3D, 0xF5, 0x0F, 0x41, 0x09, 0xFB, 0x04, 0x7B, 0x8D, 0xA1, 0xCF,
0xBA, 0x71, 0x85, 0x86, 0x3C, 0x04, 0xDD, 0x74, 0x8D, 0xE3, 0x3C, 0x8E,
0x52, 0x3C, 0x05, 0x7A, 0xBE, 0xCC, 0xEA, 0x9D, 0x57, 0x2C, 0x40, 0x05,
0xEE, 0x49, 0x1D, 0xD2, 0xA3, 0x5A, 0xFA, 0x25, 0x1D, 0x1F, 0xDD, 0xB5,
0x36, 0x7D, 0x25, 0xD3, 0x34, 0x39, 0xC2, 0x59, 0x57, 0xAD, 0x3C, 0x9D,
0xC9, 0xBF, 0x09, 0x8D, 0xA0, 0x40, 0x5A, 0x14, 0x7B, 0xCF, 0xFE, 0x05,
0x3E, 0xF3, 0xD1, 0x7D, 0xBB, 0x33, 0x96, 0x40, 0x79, 0xC2, 0x7B, 0x15,
0x2E, 0xEE, 0xE3, 0x5B, 0x9C, 0x06, 0x72, 0x95, 0xFF, 0xCB, 0xC9, 0xE4,
0x96, 0x97, 0x18, 0x0D, 0xE7, 0x78, 0xCD, 0xE9, 0xA7, 0xEA, 0xE9, 0xDF
0x8F, 0xCE, 0xBA, 0x0C, 0xF6, 0x6F, 0x65, 0x7F, 0xF7, 0xB7, 0x31, 0x11,
0x20, 0x17, 0x7D, 0x8F, 0x5B, 0xA4, 0x43, 0x4F, 0x0A, 0x7C, 0x64, 0x24,
0x57, 0x03, 0xEB, 0xBB, 0xDD, 0xF4, 0x60, 0x1E, 0x30, 0x97, 0xB1, 0xC7,
0xFA, 0xEF, 0x5D, 0x16, 0x93, 0x16, 0xD6, 0x24, 0xA8, 0xC3, 0xCA, 0x7C,
0xF4, 0x00, 0x77, 0x0E, 0x62, 0xB1, 0x7E, 0x8E, 0x57, 0x19, 0x91, 0xEC,
0x47, 0xE1, 0x81, 0x6F, 0x79, 0x43, 0x51, 0xB9, 0x0A, 0x3F, 0x6B, 0x38,
0x9A, 0xB6, 0x2F, 0x97, 0x59, 0xA2, 0x7C, 0x6B, 0xBD, 0x8A, 0xCC, 0x52,
0x37, 0x2A, 0x22, 0xC9, 0x60, 0xB8, 0x99, 0x17, 0x2D, 0x94, 0x8B, 0x02,
0x51, 0xAB, 0xD2, 0x09, 0xEE, 0x08, 0x92, 0x19, 0x68, 0x0F, 0xBB, 0xEE,
0x0F, 0xFF, 0xAF, 0x7F, 0x08, 0x55, 0x81, 0xE6, 0x12, 0x34, 0x12, 0xBD,
0x2C, 0x8E, 0x8E, 0x9D, 0xC3, 0x34, 0x47, 0xF0, 0xF6, 0x01, 0x24, 0x05,
0x3D, 0x2E, 0x2E, 0x3E, 0x9C, 0x19, 0x8C, 0x99, 0x19, 0x06, 0x93, 0xD0,
0x14, 0x78, 0x89, 0x37, 0x2B, 0xA2, 0xD0, 0xBE, 0x67, 0x7C, 0xC6, 0xB3,
0x61, 0x85, 0xF9, 0x4E, 0xC7, 0x33, 0x00, 0x45, 0x34, 0x1B, 0x3F, 0xD9,
0xF1, 0xA4, 0x4B, 0x82, 0x34, 0x69, 0xF0, 0xE5, 0x4D, 0xCF, 0xC7, 0xAD,
0xD9, 0xF7, 0x86, 0x84, 0x1A, 0x5B, 0x7D, 0xBA, 0x7B, 0xC1, 0xF8, 0xB0,
0xE4, 0xAB, 0xA3, 0x05, 0xE0, 0xF0, 0x14, 0xDE, 0x8D, 0x7A, 0x98, 0xCA,
0x02, 0xDE, 0x02, 0xB6, 0xCC, 0xE4, 0xF9, 0x84, 0x1A, 0x1D, 0x5E, 0x00,
0x64, 0x80, 0x4F, 0x65, 0xDE, 0x48, 0x5D, 0x5C, 0x5C, 0x4B, 0x00, 0xD3,
0x03, 0xF0, 0x77, 0xB2, 0x8F, 0x2A, 0xFE, 0x38, 0x73, 0x2D, 0xFE, 0xDC,
0x18, 0xE0, 0x9A, 0xAC, 0x1D, 0x09, 0x41, 0x38, 0x99, 0x4C, 0xA6, 0x0E,
0x0F, 0xB4, 0xC0, 0x59, 0x38, 0x31, 0xC7, 0x69, 0x8A, 0x6A, 0x94, 0x8E,
0xEE, 0x38, 0x63, 0x2C, 0x4C, 0x0C, 0x65, 0x3F, 0xC6, 0xA2, 0x91, 0x48,
0x0A, 0xE2, 0x09, 0x50, 0x8F, 0x9E, 0x91, 0xF8, 0xAC, 0x3B, 0xDA, 0xBA
},
/* uint8_t encrypted_user_update_key[R_TSIP_AES256_KEY_BYTE_SIZE + 16]; */
{
@ -77,100 +77,100 @@ const st_key_block_data_t g_key_block_data =
* encrypted_user_rsa2048_public_key[R_TSIP_RSA2048_NE_KEY_BYTE_SIZE + 16]
*/
{
0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
0x25, 0x5B, 0x52, 0xF3, 0xBC, 0xCE, 0x10, 0x77, 0x76, 0xE4, 0x5C, 0xCF,
0xC3, 0xA4, 0xCC, 0x11, 0xD3, 0x1E, 0x02, 0x98, 0x33, 0xA5, 0xF7, 0xD9,
0x43, 0xAB, 0x45, 0x9A, 0x97, 0x0D, 0x08, 0x03, 0xBD, 0xB2, 0xAB, 0x50
},
/* uint8_t
0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44,
0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51,
0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0,
0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9,
0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9,
0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11,
0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58,
0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB,
0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66,
0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4,
0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1,
0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D,
0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B,
0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0,
0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3,
0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84,
0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F,
0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E,
0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A,
0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7,
0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD,
0x71, 0xB1, 0x1B, 0x1E, 0xFB, 0xDE, 0x19, 0xB8, 0x11, 0x61, 0x09, 0xA2,
0x89, 0x66, 0xE3, 0xA6, 0x3D, 0x7F, 0xFE, 0xFF, 0xE8, 0x1B, 0xD3, 0x2D,
0xEA, 0xA5, 0x86, 0xCF, 0x96, 0xDE, 0xDE, 0xC1, 0x17, 0x96, 0x77, 0x41
},
/* uint8_t
* encrypted_user_rsa2048_private_key[R_TSIP_RSA2048_ND_KEY_BYTE_SIZE + 16]
*/
{
0xAF, 0x8C, 0x78, 0xE3, 0x6C, 0x9E, 0xC6, 0x76, 0xE5, 0x86, 0x84, 0xBE,
0xF5, 0x6C, 0xD7, 0x2B, 0x46, 0x24, 0x35, 0x99, 0xA5, 0x64, 0xDD, 0xFA,
0x35, 0x22, 0x5A, 0xB8, 0x5F, 0xD8, 0x1E, 0xCF, 0xCC, 0x73, 0x10, 0xD6,
0x13, 0x69, 0x8F, 0x36, 0xA9, 0x8E, 0x09, 0xDF, 0x83, 0x20, 0x85, 0xBE,
0x81, 0x69, 0x51, 0x75, 0xCB, 0xA5, 0x90, 0x8C, 0xC1, 0x75, 0xBE, 0x0F,
0x8C, 0xB6, 0xFE, 0x73, 0x03, 0x37, 0x03, 0x41, 0xC0, 0x98, 0xC2, 0xEE,
0x2D, 0x1B, 0xDA, 0x10, 0x8B, 0xF6, 0xB6, 0x67, 0xE9, 0x29, 0xCD, 0xEC,
0x4C, 0x4D, 0x84, 0x28, 0x61, 0x3A, 0xF5, 0x6D, 0xEE, 0x78, 0x45, 0xF3,
0x17, 0xC9, 0x77, 0xAB, 0x56, 0x2C, 0x68, 0xCB, 0x14, 0x9F, 0x5A, 0xE7,
0x11, 0xC7, 0x13, 0x4B, 0xDC, 0x31, 0x60, 0x77, 0xDA, 0x56, 0x0C, 0x15,
0xB2, 0xA9, 0x73, 0x4C, 0xD3, 0x46, 0x29, 0x18, 0x1C, 0x8C, 0xFD, 0xCF,
0xAC, 0x4B, 0x55, 0x30, 0x96, 0xDC, 0xE9, 0xC0, 0x6A, 0x74, 0x68, 0x1D,
0x6B, 0x25, 0xB0, 0x8F, 0x0C, 0xD7, 0xDD, 0xFC, 0xA8, 0x15, 0x87, 0x3E,
0xA3, 0x91, 0x46, 0x25, 0x6C, 0x6F, 0xC4, 0xB2, 0xE1, 0xB8, 0x5F, 0xF3,
0x6A, 0x0D, 0x9C, 0x29, 0x08, 0x6F, 0x5E, 0xFF, 0xA0, 0x81, 0x34, 0xA5,
0x2B, 0x2B, 0x47, 0xE0, 0x6D, 0x56, 0xD2, 0x52, 0xC7, 0x19, 0x63, 0x72,
0x84, 0x96, 0x64, 0xA5, 0xF2, 0x92, 0x3C, 0x38, 0x37, 0x9F, 0x6A, 0x2D,
0x58, 0x33, 0x8C, 0x5C, 0x27, 0x05, 0xCB, 0x4F, 0x62, 0x2F, 0x40, 0xE9,
0x55, 0x2C, 0x75, 0x4B, 0x02, 0xB3, 0x61, 0xAD, 0x34, 0x14, 0x49, 0x26,
0x94, 0x45, 0x9B, 0xB8, 0xDB, 0x1F, 0xCE, 0xE9, 0xB1, 0xBF, 0x47, 0xF3,
0xD4, 0xAD, 0xEB, 0xBC, 0x4F, 0x61, 0xAD, 0x66, 0xAF, 0x10, 0x94, 0x5D,
0x25, 0x5B, 0x52, 0xF3, 0x44, 0xBA, 0x28, 0xF8, 0xF2, 0x01, 0x41, 0x61,
0xF3, 0xE5, 0x91, 0x44, 0xF9, 0xA3, 0x56, 0xD8, 0xE9, 0x43, 0x0F, 0x78,
0x7E, 0x1C, 0x01, 0xA6, 0xD7, 0x47, 0x87, 0x7C, 0xC5, 0xAF, 0x2A, 0xD3,
0x71, 0x3A, 0x3E, 0x96, 0xF5, 0x8E, 0xA8, 0x1A, 0x89, 0x17, 0xCD, 0x52,
0x7E, 0x98, 0x70, 0xB3, 0x57, 0x22, 0x59, 0x1C, 0xB7, 0x61, 0xD3, 0x32,
0xE5, 0x2E, 0x6B, 0x6F, 0x2B, 0xD2, 0xAB, 0x27, 0x62, 0x65, 0xBE, 0x0B,
0x8B, 0xFC, 0x9D, 0xB7, 0x3B, 0x4F, 0xA7, 0x35, 0xA6, 0xB3, 0x10, 0x98,
0x6D, 0x47, 0x12, 0x16, 0x89, 0x33, 0x9A, 0x87, 0x85, 0x50, 0x21, 0x2B,
0x03, 0xD0, 0x0C, 0x25, 0x52, 0xC1, 0xA4, 0xD9, 0x50, 0x57, 0x0A, 0x88,
0x67, 0xE9, 0x55, 0x78, 0xFF, 0x23, 0xC0, 0xD1, 0xB6, 0xF4, 0xBD, 0x64,
0x38, 0x9A, 0x59, 0xD8, 0x0C, 0xCA, 0x3C, 0x44, 0xBB, 0x31, 0x40, 0xF3,
0x3F, 0x84, 0x74, 0x1A, 0x1B, 0xFB, 0x81, 0x22, 0x20, 0x0E, 0x68, 0x48,
0x7F, 0xBF, 0xBB, 0xE2, 0xF7, 0xEA, 0x1C, 0xDD, 0x63, 0xAA, 0x3E, 0xFE,
0x7A, 0xBD, 0x6C, 0x2A, 0x2C, 0x6C, 0x8E, 0x3C, 0xB6, 0x42, 0x2F, 0x42,
0xF2, 0x17, 0x07, 0x2F, 0x4F, 0xAA, 0x4B, 0xA0, 0xE7, 0x98, 0xAE, 0x95,
0x21, 0x2A, 0xF8, 0x1C, 0x33, 0x81, 0xC2, 0x64, 0xEC, 0xF3, 0xD7, 0x75,
0x81, 0x61, 0x8C, 0xDF, 0x7F, 0x76, 0x6B, 0x44, 0x22, 0x36, 0xD3, 0x7F,
0x17, 0x40, 0x84, 0xF8, 0xA8, 0x4B, 0xD5, 0xD4, 0x4E, 0xA1, 0x86, 0xDB,
0x9B, 0xCD, 0xB6, 0x6C, 0xDF, 0x35, 0x0C, 0x0D, 0x7E, 0x0F, 0x01, 0x9C,
0xF7, 0x6E, 0x89, 0xE6, 0x2F, 0x0E, 0xC5, 0xF3, 0xEA, 0x69, 0x8C, 0xA5,
0xD5, 0x48, 0xEE, 0x5B, 0x77, 0x04, 0xFE, 0xC7, 0x56, 0x87, 0x27, 0xD4,
0xF9, 0xCC, 0xB4, 0xB4, 0xB7, 0x1A, 0x85, 0x38, 0x0B, 0x93, 0xD2, 0x1D,
0xD3, 0xDE, 0x7E, 0x45, 0xAF, 0x82, 0x46, 0x65, 0xFE, 0x59, 0x55, 0x83
0x7B, 0x9E, 0xC9, 0x21, 0x70, 0xDF, 0xC0, 0x9E, 0x06, 0x57, 0xB8, 0x44,
0xD0, 0x95, 0x21, 0xD0, 0x37, 0xDC, 0xAE, 0x3A, 0xAF, 0xCD, 0x56, 0x51,
0x3C, 0xEC, 0x82, 0xB1, 0xFE, 0xBF, 0x6E, 0x12, 0xE7, 0x79, 0x92, 0xF0,
0x3F, 0x56, 0x8A, 0x46, 0x0E, 0x4D, 0x9D, 0xC9, 0x7D, 0xC9, 0x2D, 0xE9,
0x07, 0x1C, 0x9A, 0x11, 0x2F, 0x92, 0x26, 0x40, 0xD7, 0x73, 0xC8, 0xB9,
0xD0, 0xB8, 0x46, 0x42, 0x53, 0x23, 0x79, 0xBB, 0x3B, 0x97, 0x91, 0x11,
0x70, 0x66, 0xB6, 0xF4, 0x7B, 0x2F, 0x65, 0x3C, 0xA0, 0xD0, 0x70, 0x58,
0x3C, 0xA8, 0xD9, 0x79, 0x79, 0x14, 0x55, 0xA4, 0x73, 0xE3, 0x40, 0xBB,
0xC7, 0x57, 0x5C, 0x30, 0x9C, 0xC5, 0xB5, 0x9D, 0x87, 0xFB, 0x6E, 0x66,
0x9C, 0x77, 0xF8, 0x41, 0x75, 0x80, 0x30, 0x62, 0xD5, 0x20, 0xBA, 0xB4,
0x5D, 0x33, 0x8F, 0xC1, 0x5F, 0x22, 0xF1, 0xD8, 0x09, 0x62, 0xA6, 0xE1,
0x73, 0x50, 0x5B, 0x9B, 0xD7, 0x21, 0x8F, 0x38, 0x31, 0x5B, 0x79, 0x1D,
0xF8, 0x50, 0xE0, 0x87, 0xC1, 0x6B, 0xC4, 0x4D, 0x25, 0x6C, 0xB2, 0x0B,
0x88, 0x51, 0xB9, 0xB0, 0xDF, 0xC2, 0x6C, 0xC6, 0x52, 0xB8, 0x88, 0xC0,
0x25, 0x31, 0x99, 0x61, 0xCA, 0x0F, 0xCB, 0x63, 0x9A, 0x90, 0xE3, 0xB3,
0x11, 0xFD, 0xAB, 0x1F, 0x4C, 0x6B, 0xC5, 0x5C, 0x86, 0x29, 0x4C, 0x84,
0xC8, 0xE9, 0x5A, 0xCE, 0xE6, 0x3F, 0x79, 0xD2, 0xDC, 0x6A, 0xDD, 0x5F,
0x42, 0x45, 0x62, 0xB9, 0xE7, 0x64, 0x88, 0x2F, 0x70, 0x45, 0x1E, 0x9E,
0xCF, 0x9A, 0x4C, 0x2A, 0x3D, 0x1C, 0x6C, 0x2F, 0x94, 0x27, 0xD4, 0x2A,
0xE5, 0x55, 0xA5, 0x73, 0xB8, 0x74, 0x29, 0x74, 0xD6, 0xF4, 0x6C, 0xB7,
0x6C, 0x9D, 0x26, 0x6D, 0x2E, 0xBF, 0x99, 0xCA, 0xDD, 0xEB, 0x48, 0xAD,
0x71, 0xB1, 0x1B, 0x1E, 0x45, 0xE8, 0xE9, 0xF1, 0x1F, 0x8D, 0x7B, 0x7B,
0xD5, 0xDE, 0xE0, 0x8B, 0x67, 0x64, 0x4D, 0x9F, 0x6E, 0xC5, 0xB3, 0x03,
0xC6, 0x35, 0x93, 0xE9, 0xE1, 0xA5, 0xC4, 0x6B, 0xD9, 0x29, 0xA6, 0x86,
0xBB, 0x4B, 0xD9, 0xA4, 0x82, 0x68, 0xAF, 0x1E, 0x57, 0x30, 0x8C, 0xC6,
0x94, 0xCA, 0xE5, 0xAB, 0x9E, 0x11, 0x51, 0x22, 0xEC, 0x28, 0x63, 0xBD,
0xAA, 0xE8, 0xE5, 0x27, 0x7B, 0x68, 0x6C, 0x94, 0x42, 0xBA, 0x05, 0xEA,
0x68, 0x5F, 0x18, 0xE9, 0x64, 0x23, 0x07, 0x11, 0xE4, 0x7B, 0x37, 0x77,
0xFC, 0x35, 0xBC, 0xFC, 0x06, 0x2E, 0x7F, 0x15, 0xB8, 0xE1, 0x07, 0x42,
0x04, 0xD2, 0x4A, 0xD5, 0x43, 0xE1, 0x49, 0x7C, 0x43, 0x49, 0x80, 0x3A,
0x86, 0xE0, 0x10, 0x98, 0x77, 0xF2, 0x55, 0xC9, 0x21, 0x24, 0x6D, 0x01,
0x36, 0xC5, 0x1F, 0xB8, 0x2D, 0x5B, 0x62, 0x99, 0x15, 0x74, 0x19, 0x44,
0x82, 0xC1, 0x09, 0x16, 0x1B, 0xF1, 0x7E, 0xFD, 0xC5, 0xFD, 0x6C, 0x20,
0xC3, 0x35, 0x8D, 0x46, 0xE3, 0x98, 0xCF, 0xE7, 0x6F, 0xC7, 0xD7, 0x71,
0xCC, 0x95, 0x23, 0x60, 0xE7, 0x9E, 0x19, 0xD1, 0xA1, 0x0F, 0xDD, 0xFF,
0x6B, 0x79, 0x12, 0x06, 0xB6, 0x12, 0x28, 0x42, 0x20, 0x16, 0x1C, 0xA4,
0x0B, 0x94, 0x7D, 0xF5, 0xE3, 0x73, 0x62, 0x7B, 0x3B, 0x6B, 0xB7, 0xEC,
0xCF, 0xAF, 0xF9, 0x8E, 0x09, 0x84, 0x50, 0x25, 0xF6, 0x2C, 0x1F, 0x7E,
0x58, 0xE2, 0x5F, 0x06, 0x6D, 0xBB, 0x49, 0x9F, 0x29, 0x0A, 0x77, 0x95,
0xF2, 0x02, 0xA6, 0x10, 0xC6, 0x3C, 0x12, 0xC5, 0xD3, 0xA2, 0x73, 0x0A,
0x88, 0x86, 0x1D, 0xD7, 0x12, 0xF7, 0x49, 0x25, 0xFC, 0x81, 0x9F, 0xF6,
0x2D, 0xF8, 0xB4, 0xE9, 0xE7, 0xC5, 0x3D, 0x40, 0x73, 0x6C, 0xFD, 0xE7,
0xDA, 0x42, 0x34, 0xDB, 0x88, 0x72, 0x9E, 0xAE, 0x22, 0x68, 0x5B, 0xB1,
0x68, 0xF7, 0xF7, 0x2A, 0xD6, 0x6A, 0x02, 0x07, 0x5F, 0x8F, 0xD7, 0xE9
},
/* uint8_t
* encrypted_user_ecc256_public_key[R_TSIP_ECC_PUBLIC_KEY_BYTE_SIZE + 16];
*/
{
0xAD, 0x59, 0x2A, 0x12, 0xAA, 0xA8, 0x34, 0x30, 0xD4, 0xC9, 0xA1, 0x5A,
0xD2, 0xD8, 0xF8, 0x99, 0xA0, 0x26, 0x87, 0x27, 0x90, 0x39, 0x00, 0xEA,
0x64, 0x8F, 0x70, 0xF8, 0x1A, 0xA7, 0x44, 0xC8, 0xE6, 0x66, 0xCB, 0xF6,
0x8B, 0x00, 0xC7, 0x86, 0x2B, 0x14, 0x98, 0xDB, 0x03, 0xE8, 0xD5, 0x02,
0xB8, 0x02, 0x6D, 0x73, 0x66, 0x19, 0x94, 0x83, 0xC4, 0xB9, 0x57, 0x3D,
0xFE, 0xA7, 0x19, 0xAC, 0xBC, 0xE3, 0x75, 0x40, 0xC2, 0x48, 0x5E, 0xEF,
0x1E, 0x9E, 0xCC, 0xE2, 0xAC, 0xE6, 0xC8, 0x08
0xF2, 0x01, 0x30, 0xFE, 0x9F, 0xC6, 0x8F, 0x18, 0x81, 0xD9, 0xFF, 0xB9,
0x8F, 0xF3, 0x93, 0x7E, 0xBA, 0x5C, 0x12, 0xA1, 0x7F, 0x39, 0x85, 0x3E,
0xB0, 0xE7, 0x3E, 0xC7, 0xEF, 0x48, 0xA7, 0x75, 0x7B, 0x24, 0x16, 0x63,
0x7B, 0x8D, 0x13, 0x5B, 0xCA, 0xC9, 0xF7, 0xB1, 0xC7, 0x46, 0xCE, 0xBB,
0xB9, 0xEE, 0x89, 0xAE, 0x90, 0xDF, 0x74, 0xF1, 0x2B, 0x61, 0x41, 0x2B,
0xF9, 0x5D, 0x41, 0x14, 0x92, 0x9E, 0xBC, 0x9D, 0xFE, 0x0D, 0x9A, 0x72,
0x5A, 0x52, 0x3F, 0xE1, 0xFA, 0xED, 0x40, 0x47
},
/* uint8_t
* encrypted_user_ecc256_private_key[R_TSIP_ECC_PRIVATE_KEY_BYTE_SIZE + 16];
*/
{
0xE6, 0x6C, 0xB8, 0x7C, 0xDB, 0x85, 0x50, 0x51, 0x4A, 0x75, 0x38, 0xA4,
0x74, 0x7A, 0x8C, 0x7C, 0x07, 0x71, 0x0E, 0x52, 0xC3, 0x19, 0xD1, 0xE6,
0xF8, 0x36, 0xD2, 0xD3, 0x53, 0xF8, 0xA7, 0xCE, 0xBC, 0xBE, 0xAE, 0x62,
0x7F, 0x00, 0x54, 0xB1, 0x01, 0x11, 0xCA, 0xE3, 0x77, 0x3E, 0x2E, 0x21
0x49, 0x3E, 0xC8, 0x9B, 0xB0, 0x04, 0xAE, 0x16, 0x98, 0xB2, 0x57, 0x70,
0x8D, 0x40, 0x6B, 0xAC, 0x59, 0xDD, 0x09, 0xB8, 0xCC, 0x10, 0xDE, 0xBE,
0x4F, 0xD4, 0x9E, 0x6B, 0xB4, 0x03, 0x85, 0x95, 0x73, 0xA7, 0x48, 0x6D,
0x08, 0xD8, 0x71, 0xD7, 0xDA, 0x50, 0x2F, 0x18, 0x48, 0x3D, 0xBF, 0x02
},
};
@ -186,87 +186,95 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0xc0, 0x3c, 0x28, 0xef, 0x6c, 0xd5, 0x6c, 0x36, 0xc5, 0xe5, 0xb0, 0xaa,
0xd0, 0x6a, 0x33, 0x1d, 0x7b, 0x28, 0x9f, 0xb2, 0x12, 0x8c, 0x0c, 0x5c,
0x30, 0xdf, 0x8f, 0x3f, 0x2e, 0x72, 0x0f, 0x3d, 0x8d, 0x4a, 0x1d, 0xa6,
0xc5, 0x1f, 0xb4, 0xf2, 0x18, 0xf1, 0x65, 0x40, 0x8e, 0xf2, 0x06, 0x0a,
0xda, 0xa4, 0xd6, 0x3d, 0x87, 0x61, 0x00, 0xd6, 0x89, 0x4e, 0x77, 0xbd,
0x57, 0xd7, 0x5f, 0x04, 0xe9, 0x0c, 0x96, 0x68, 0xa9, 0x72, 0xa2, 0xba,
0x46, 0x3f, 0x35, 0xeb, 0xf9, 0x4f, 0x10, 0xfd, 0x51, 0x39, 0x7c, 0x44,
0xa8, 0xa8, 0xd3, 0x62, 0x81, 0x2f, 0x82, 0x90, 0x3e, 0xea, 0xe9, 0xbc,
0x2e, 0xd1, 0x19, 0xc0, 0xb6, 0xd7, 0xc0, 0x22, 0x7c, 0xc1, 0x64, 0x61,
0xd2, 0x79, 0x01, 0x2d, 0x19, 0x7a, 0xf0, 0x34, 0x68, 0x78, 0x01, 0x35,
0x7f, 0xe2, 0xbe, 0x11, 0x8f, 0x0d, 0x04, 0xa8, 0xa4, 0x7b, 0x4e, 0x7a,
0x9c, 0xa0, 0x91, 0x3f, 0x7d, 0xdf, 0xe4, 0x69, 0x2f, 0x9b, 0x73, 0xc6,
0x1d, 0x4b, 0x3e, 0xcd, 0xa8, 0x2d, 0xf1, 0xfc, 0x35, 0x5c, 0xae, 0x7e,
0xef, 0xd9, 0x91, 0x7c, 0x32, 0xc3, 0x5a, 0xcb, 0x5f, 0xd9, 0x99, 0x1b,
0xb3, 0x6d, 0xa1, 0xaf, 0x69, 0x45, 0x41, 0xca, 0x92, 0x01, 0x93, 0x18,
0xb7, 0x4c, 0x35, 0xe0, 0x11, 0x16, 0xc7, 0xf2, 0xf9, 0xf1, 0x9e, 0xa5,
0xda, 0x60, 0x41, 0x78, 0x67, 0xef, 0x2f, 0x85, 0x08, 0xfe, 0x21, 0x1f,
0xdd, 0x31, 0xce, 0x70, 0xf2, 0xe2, 0x6f, 0xc1, 0x5f, 0xce, 0xa7, 0x4c,
0x3a, 0x1a, 0x81, 0x5d, 0xec, 0x35, 0xad, 0xf3, 0xb4, 0x46, 0x83, 0x9b,
0x95, 0x98, 0xcc, 0xa5, 0x46, 0x74, 0xdf, 0xca, 0xf9, 0x2e, 0x86, 0xe8,
0x04, 0x18, 0x33, 0x91, 0x94, 0xb7, 0xca, 0x98, 0xf7, 0xc2, 0xfe, 0x99,
0xc0, 0x73, 0x11, 0x1e
0x85, 0x76, 0x96, 0x7D, 0xB5, 0x14, 0xD9, 0x4F, 0x3E, 0xCF,
0xF3, 0xD3, 0xAB, 0x76, 0x77, 0xBA, 0xDB, 0xB8, 0x87, 0xD2,
0x2E, 0xB5, 0x87, 0x69, 0x79, 0x8C, 0x34, 0x1A, 0x06, 0xB9,
0xD5, 0x0D, 0xA8, 0x4B, 0x05, 0x6A, 0xF4, 0x26, 0x86, 0xB6,
0x91, 0x0F, 0x27, 0x6F, 0xA7, 0xF1, 0x3C, 0xEC, 0x3D, 0x34,
0xE7, 0x82, 0xEB, 0x10, 0xE6, 0xFA, 0x04, 0x11, 0x78, 0xCD,
0xEB, 0xA0, 0xB4, 0x6C, 0xBC, 0x7C, 0x8C, 0x83, 0xD3, 0x68,
0xC2, 0x72, 0x17, 0xE0, 0x41, 0xA3, 0xE3, 0x5A, 0xB6, 0x2D,
0x52, 0xA4, 0x4A, 0x4E, 0x9B, 0x3E, 0x98, 0xD7, 0xBB, 0x17,
0xF5, 0x19, 0xAB, 0x30, 0xBF, 0xE2, 0x8B, 0xD7, 0x47, 0x7B,
0x99, 0x7B, 0x97, 0x46, 0x53, 0x34, 0xCA, 0x74, 0x00, 0x39,
0x04, 0x6F, 0x0B, 0xC0, 0x42, 0x73, 0x65, 0xCA, 0x3F, 0xE2,
0x58, 0x1E, 0x26, 0xE5, 0xA2, 0x86, 0x63, 0xF3, 0x41, 0x89,
0x0E, 0x6B, 0x74, 0xF4, 0x73, 0x4D, 0x8E, 0x04, 0x1E, 0x64,
0x7E, 0x9C, 0x37, 0x3A, 0xF2, 0x4E, 0x5B, 0xF2, 0x67, 0x9A,
0x48, 0xFB, 0x70, 0xDD, 0x70, 0x8C, 0xC0, 0x8F, 0xE9, 0x77,
0x7B, 0xC0, 0x1F, 0xB7, 0xE2, 0xB8, 0xC2, 0x67, 0xF0, 0x1D,
0x13, 0xFB, 0x8D, 0xEB, 0x69, 0xE8, 0xC0, 0x31, 0xAC, 0xB9,
0x0C, 0x2D, 0x89, 0x77, 0x81, 0xC5, 0x87, 0xDD, 0x28, 0x7C,
0x03, 0x34, 0xFA, 0xD8, 0xE5, 0x20, 0x4A, 0x88, 0x42, 0x6B,
0x16, 0x55, 0x33, 0x16, 0x57, 0x19, 0x6B, 0x5A, 0x0C, 0xAC,
0x12, 0xF4, 0x72, 0x7B, 0x1C, 0x8E, 0x85, 0xCE, 0x2D, 0xE7,
0x94, 0xAD, 0xFC, 0xA8, 0x92, 0x70, 0xE0, 0xFA, 0x19, 0xB3,
0xB4, 0x97, 0x25, 0x10, 0xCB, 0x27, 0x74, 0x57, 0x5D, 0x22,
0xDB, 0x1D, 0x2F, 0xB4, 0x27, 0x52, 0xDE, 0x56, 0x77, 0xFB,
0xBA, 0x75, 0x5F, 0xC3, 0x84, 0xA6
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x97, 0x8f, 0x90, 0x03, 0x0b, 0xca, 0xdf, 0x8f, 0xe8, 0x51, 0x23, 0xba,
0x14, 0xfb, 0x28, 0xb8, 0x5c, 0x58, 0x0d, 0x6e, 0x8b, 0x97, 0x0f, 0x89,
0x63, 0xc2, 0xd6, 0xb3, 0xf0, 0x16, 0x35, 0x74, 0x9d, 0xb9, 0xd7, 0x18,
0x14, 0x86, 0x91, 0xe0, 0xcd, 0xb3, 0x28, 0x63, 0x16, 0xf4, 0x6c, 0xb1,
0xd3, 0x93, 0xb6, 0x6e, 0xd9, 0x66, 0xcd, 0x65, 0x39, 0x7b, 0x1b, 0x74,
0x5c, 0xde, 0x20, 0xd4, 0x46, 0x60, 0x2f, 0xc0, 0x10, 0xf5, 0x49, 0x4a,
0x8d, 0x31, 0x29, 0x9b, 0x8a, 0xea, 0xf4, 0x8a, 0xaf, 0xc4, 0x84, 0xd7,
0x42, 0xef, 0xaf, 0x14, 0x17, 0x44, 0xed, 0x6e, 0x2b, 0xd9, 0x70, 0xed,
0x3e, 0x40, 0xf0, 0xef, 0x75, 0x4c, 0x05, 0x1f, 0xc3, 0x37, 0xec, 0xc2,
0xcd, 0xcc, 0xce, 0x39, 0x61, 0xa0, 0xea, 0x16, 0x84, 0x6d, 0xde, 0xe7,
0xf4, 0x0d, 0x8c, 0xf7, 0x69, 0x81, 0x64, 0x09, 0x16, 0xa7, 0x5b, 0x34,
0x83, 0xe5, 0x73, 0xcf, 0x02, 0xf4, 0x37, 0x96, 0x93, 0x27, 0x72, 0x47,
0x71, 0xca, 0x56, 0xcd, 0xd2, 0x85, 0x48, 0xe5, 0x9e, 0x1f, 0x39, 0x52,
0xc1, 0xc3, 0x9c, 0x6b, 0x98, 0x41, 0xc2, 0x0a, 0x77, 0x94, 0xe5, 0x84,
0x44, 0xe7, 0x94, 0xee, 0x5f, 0x05, 0x62, 0xad, 0xe5, 0xe5, 0xc9, 0x7e,
0x02, 0x31, 0x85, 0xca, 0x28, 0x2d, 0x0d, 0x7f, 0x30, 0x5d, 0xb5, 0xaa,
0x12, 0x81, 0x25, 0x37, 0x4a, 0xf2, 0x95, 0x81, 0xda, 0x76, 0xb4, 0x89,
0x76, 0x8a, 0x0c, 0x8d, 0xdf, 0xed, 0xd5, 0x48, 0xa8, 0xc8, 0x6d, 0xf4,
0xbf, 0x98, 0xa3, 0xc5, 0x42, 0x7d, 0xd2, 0x21, 0x2c, 0x8d, 0x57, 0xd0,
0x91, 0x16, 0xee, 0x83, 0xd0, 0xa1, 0x8f, 0x05, 0x50, 0x2b, 0x6e, 0xe8,
0x52, 0xf7, 0xbe, 0x96, 0x89, 0x40, 0xca, 0x9c, 0x19, 0x5a, 0xfc, 0xae,
0x1d, 0xdb, 0x57, 0xb8
0x3C, 0x99, 0x92, 0x6F, 0x0A, 0xE7, 0xC1, 0x31, 0x1F, 0xC2,
0x60, 0xFD, 0x26, 0x54, 0x2F, 0xEA, 0xA4, 0xB6, 0x99, 0x8F,
0xCF, 0x01, 0x6F, 0x37, 0x7A, 0xF5, 0xB7, 0xD1, 0xCC, 0x51,
0x0B, 0x34, 0xF1, 0xF4, 0xF0, 0x48, 0xCF, 0x53, 0xD3, 0xE1,
0xF1, 0x08, 0xD1, 0x3F, 0x2B, 0x9A, 0x0E, 0x5A, 0x15, 0xB7,
0xAD, 0x14, 0x27, 0x24, 0x70, 0xE8, 0x02, 0x68, 0x21, 0xA2,
0xA2, 0x9D, 0x63, 0x41, 0x6A, 0xE3, 0xD2, 0xC9, 0x48, 0x7B,
0xF2, 0x6E, 0x7A, 0x80, 0xB8, 0xA9, 0x28, 0x61, 0x7B, 0x93,
0x93, 0x18, 0x68, 0x19, 0x6A, 0x6F, 0x78, 0x53, 0x32, 0xBF,
0xAB, 0x28, 0x10, 0x44, 0xAC, 0xB9, 0x15, 0xFD, 0x51, 0xFE,
0x5E, 0x47, 0x07, 0xCD, 0xAF, 0x94, 0x69, 0x7A, 0x66, 0x31,
0x3E, 0xED, 0x1B, 0x93, 0x97, 0x1A, 0x83, 0xA2, 0xC7, 0x5B,
0xD3, 0x34, 0xAE, 0x24, 0xC8, 0xE9, 0xA9, 0x9E, 0x64, 0xEA,
0x57, 0xA8, 0xA8, 0xD8, 0xA2, 0x74, 0x5F, 0xDB, 0x70, 0xCC,
0x07, 0x1D, 0xD0, 0xA7, 0x91, 0x61, 0xD6, 0x9F, 0x6F, 0x77,
0x80, 0xE9, 0x6C, 0x2F, 0x90, 0xF1, 0xBE, 0x25, 0x3F, 0x1C,
0x76, 0xB6, 0xAC, 0xD7, 0xD1, 0x1E, 0x97, 0x15, 0x94, 0x96,
0xD6, 0xF6, 0xBF, 0x39, 0x6D, 0xC7, 0xF5, 0x13, 0xE0, 0xBB,
0xC4, 0xDC, 0x18, 0x13, 0x65, 0x2B, 0x80, 0x23, 0x9A, 0x6A,
0x70, 0x30, 0x9A, 0xB3, 0xE5, 0x2D, 0xC1, 0xCB, 0xBF, 0x5A,
0xC2, 0xEE, 0xF6, 0x65, 0x50, 0xD4, 0xF2, 0xA3, 0xD5, 0xF9,
0xF8, 0x16, 0xD3, 0x05, 0xAC, 0xE9, 0x8B, 0x5A, 0x75, 0xD7,
0xF9, 0xB9, 0x05, 0xF3, 0x9C, 0xD0, 0xCE, 0x39, 0xA5, 0x7D,
0xB6, 0xC6, 0x78, 0x6A, 0x31, 0x6C, 0xD2, 0xBB, 0x6F, 0x8E,
0x11, 0xD4, 0x84, 0x8B, 0x21, 0x65, 0xFC, 0x2D, 0xD3, 0x51,
0xC6, 0x31, 0x80, 0xCD, 0xE9, 0x5F
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */
const unsigned char client_cert_der_sign[] =
{
0x5D, 0x1F, 0x89, 0x41, 0xEC, 0x47, 0xC8, 0x90, 0x61, 0x79,
0x8A, 0x16, 0x1F, 0x31, 0x96, 0x67, 0xD9, 0x3C, 0xEC, 0x6B,
0x58, 0xC6, 0x5A, 0xED, 0x99, 0xB3, 0xEF, 0x27, 0x6F, 0x04,
0x8C, 0xD9, 0x68, 0xB1, 0xD6, 0x23, 0x15, 0x84, 0x00, 0xE1,
0x27, 0xD1, 0x1F, 0x68, 0xB7, 0x3F, 0x13, 0x53, 0x8A, 0x95,
0x5A, 0x20, 0x7C, 0xB2, 0x76, 0x5B, 0xDC, 0xE0, 0xA6, 0x21,
0x7C, 0x49, 0xCF, 0x93, 0xBA, 0xD5, 0x12, 0x9F, 0xEE, 0x90,
0x5B, 0x3F, 0xA3, 0x9D, 0x13, 0x72, 0xAC, 0x72, 0x16, 0xFE,
0x1D, 0xBE, 0xEB, 0x8E, 0xC7, 0xDC, 0xC4, 0xF8, 0x1A, 0xD8,
0xA0, 0xA4, 0xF6, 0x04, 0x30, 0xF6, 0x7E, 0xB6, 0xC8, 0xE1,
0xAB, 0x88, 0x37, 0x08, 0x63, 0x72, 0xAA, 0x46, 0xCC, 0xCA,
0xF0, 0x9E, 0x02, 0x1E, 0x65, 0x67, 0xFF, 0x2C, 0x9D, 0x81,
0x6C, 0x1E, 0xF1, 0x54, 0x05, 0x68, 0x68, 0x18, 0x72, 0x26,
0x55, 0xB6, 0x2C, 0x95, 0xC0, 0xC9, 0xB2, 0xA7, 0x0B, 0x60,
0xD7, 0xEB, 0x1D, 0x08, 0x1A, 0xA2, 0x54, 0x15, 0x89, 0xCB,
0x83, 0x21, 0x5D, 0x15, 0x9B, 0x38, 0xAC, 0x89, 0x63, 0xD5,
0x4B, 0xF4, 0x8B, 0x47, 0x93, 0x78, 0x43, 0xCB, 0x9B, 0x71,
0xBF, 0x94, 0x76, 0xB5, 0xCE, 0x35, 0xA9, 0x1A, 0xD5, 0xA5,
0xD8, 0x19, 0xA6, 0x04, 0x39, 0xB1, 0x09, 0x8C, 0x65, 0x02,
0x58, 0x3A, 0x95, 0xEF, 0xA2, 0xC3, 0x85, 0x18, 0x61, 0x23,
0x2D, 0xC5, 0xCD, 0x62, 0xC1, 0x19, 0x31, 0xE5, 0x36, 0x95,
0x22, 0xDB, 0x3E, 0x1A, 0x3C, 0xE8, 0xC6, 0x2E, 0xDF, 0xD9,
0x2F, 0x84, 0xC1, 0xF0, 0x38, 0x2B, 0xE5, 0x73, 0x35, 0x4F,
0x05, 0xE2, 0xA5, 0x60, 0x79, 0xB0, 0x23, 0xDC, 0x56, 0x4C,
0xE7, 0xD9, 0x1F, 0xCF, 0x6A, 0xFC, 0x55, 0xEB, 0xAA, 0x48,
0x3E, 0x95, 0x2A, 0x10, 0x01, 0x05
0x58, 0x04, 0xD2, 0xCA, 0x82, 0x7F, 0x7C, 0xB3, 0x93, 0x8A,
0x81, 0x5F, 0x48, 0x91, 0xA4, 0x04, 0x13, 0x55, 0x20, 0x02,
0x1A, 0xCC, 0xD6, 0x09, 0x56, 0x89, 0x37, 0xBD, 0x3F, 0x88,
0x10, 0x3E, 0x8D, 0x2E, 0x30, 0x0E, 0x97, 0xA8, 0x68, 0xE1,
0xAE, 0x00, 0x9A, 0x42, 0xA0, 0xAF, 0x3E, 0xAE, 0xFF, 0xFF,
0xA7, 0xF3, 0x9C, 0xA7, 0x59, 0xB1, 0xA9, 0x67, 0x2D, 0xCE,
0xAE, 0x27, 0x0D, 0x9F, 0x22, 0x99, 0x43, 0x49, 0xC3, 0xC7,
0x50, 0x11, 0xDB, 0xD4, 0xE8, 0xA4, 0x6B, 0x30, 0x95, 0x6C,
0x66, 0x69, 0xF2, 0x2D, 0xE4, 0x41, 0x7D, 0x45, 0x73, 0xD5,
0xE7, 0x3D, 0x15, 0x34, 0x99, 0xB7, 0x27, 0xAC, 0xFB, 0x6D,
0xDC, 0xFF, 0x1F, 0x17, 0xF3, 0x37, 0x92, 0x44, 0x58, 0x57,
0x50, 0xA6, 0x3A, 0xB4, 0xB2, 0xB9, 0xAE, 0x8E, 0x4E, 0x63,
0x42, 0xBD, 0xDD, 0xAA, 0xC8, 0x26, 0x0D, 0xE8, 0x57, 0xCF,
0xBD, 0x75, 0xAB, 0xDD, 0x92, 0x53, 0x1F, 0x7A, 0x9F, 0x4D,
0x0E, 0xB0, 0xF5, 0x7F, 0xCE, 0x92, 0xD4, 0xEC, 0x3E, 0x44,
0x99, 0x27, 0x32, 0x42, 0xFA, 0x68, 0xCE, 0x2E, 0x75, 0x31,
0xEE, 0x74, 0xDA, 0xB4, 0x42, 0x8C, 0x30, 0xF8, 0xB7, 0xB6,
0xF4, 0x29, 0x5C, 0x18, 0x59, 0xE8, 0x39, 0x06, 0xF2, 0xDB,
0x50, 0xC4, 0x75, 0x3A, 0xD2, 0xDA, 0x9B, 0xEA, 0xBF, 0x80,
0x42, 0x97, 0x01, 0x7B, 0xBA, 0x5D, 0xA0, 0x29, 0x40, 0xAE,
0x3C, 0x4D, 0x75, 0x98, 0xEB, 0xCE, 0x5E, 0x67, 0xDC, 0xE3,
0xC5, 0x70, 0x8F, 0x22, 0x15, 0xCB, 0x31, 0x39, 0x8F, 0x6E,
0x8B, 0xA9, 0x22, 0x09, 0x18, 0xDC, 0x19, 0xD5, 0x65, 0x5E,
0xD5, 0x59, 0xAE, 0xD9, 0xAD, 0xF7, 0x9C, 0x2C, 0xD5, 0x79,
0x15, 0x62, 0xF8, 0xAE, 0xBA, 0x11, 0x24, 0x98, 0xC8, 0xB6,
0xF5, 0xDE, 0x32, 0x10, 0x03, 0x07
};
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);

1
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h
View File

@ -246,7 +246,6 @@
#define WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RENESAS_TSIP_CRYPT)
#define WOLFSSL_RENESAS_TSIP_CRYPTONLY
#define HAVE_PK_CALLBACKS
#define WOLF_CRYPTO_CB
#if defined(WOLFSSL_RENESAS_TSIP_TLS)

93
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@ -107,7 +107,6 @@ typedef struct tagInfo
void Clr_CallbackCtx(TsipUserCtx *g)
{
if (g->rsa1024pri_keyIdx != NULL)
XFREE(g->rsa1024pri_keyIdx,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -139,7 +138,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
byte plain[AES_BLOCK_SIZE];
int ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
/* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
@ -154,7 +153,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt) {
printf(" tsip_aes_cbc_test() ");
}
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
@ -196,7 +195,7 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
@ -205,7 +204,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aes_cbc_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -257,7 +256,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
if (prnt)
printf(" tsip_aes256_test() ");
if (wc_AesInit(enc, NULL, INVALID_DEVID) != 0) {
ret = -1;
goto out;
@ -315,7 +314,7 @@ out:
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -323,7 +322,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aes256_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -345,8 +344,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
Aes enc[1];
Aes dec[1];
TsipUserCtx userContext;
/*
* This is Test Case 16 from the document Galois/
* Counter Mode of Operation (GCM) by McGrew and
@ -416,7 +415,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
if (prnt) {
printf(" tsip_aes256_gcm_test() ");
}
ForceZero(resultT, sizeof(resultT));
ForceZero(resultC, sizeof(resultC));
ForceZero(resultP, sizeof(resultP));
@ -443,8 +442,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext);
if (result != 0) {
@ -461,7 +460,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
result = wc_tsip_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
iv1, sizeof(iv1), resultT, sizeof(resultT),
iv1, sizeof(iv1), resultT, sizeof(resultT),
a, sizeof(a), &userContext);
if (result != 0){
ret = -8;
@ -479,7 +478,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
wc_AesGcmSetKey(enc, k1, sizeof(k1));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT + 1, sizeof(resultT) - 1,
resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
if (result != 0) {
ret = -10;
@ -487,7 +486,7 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
}
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1,
a, sizeof(a), &userContext);
if (result != 0) {
@ -504,11 +503,11 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
out:
wc_AesFree(enc);
wc_AesFree(dec);
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -516,7 +515,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
{
int ret = 0;
Info *p = (Info*)pvParam;
while (exit_loop == false) {
ret = tsip_aesgcm256_test(0, &p->aes_key);
vTaskDelay(10/portTICK_PERIOD_MS);
@ -616,16 +615,16 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
enc->ctx.keySize = enc->keylen;
}
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
result = wc_tsip_AesGcmEncrypt(enc, resultC, p3, sizeof(p3),
iv3, sizeof(iv3),
resultT, sizeof(t3),
resultT, sizeof(t3),
a3, sizeof(a3), &userContext);
if (result != 0) {
ret = -4;
goto out;
}
result = wc_tsip_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
iv3, sizeof(iv3), resultT, sizeof(resultT),
iv3, sizeof(iv3), resultT, sizeof(resultT),
a3, sizeof(a3), &userContext);
if (result != 0) {
ret = -5;
@ -641,11 +640,11 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
out:
wc_AesFree(enc);
wc_AesFree(dec);
if (prnt) {
RESULT_STR(ret)
}
return ret;
}
#ifdef FREERTOS
@ -812,7 +811,7 @@ int tsip_crypt_sha_multitest()
int num = 0;
int i;
BaseType_t xRet;
#ifndef NO_SHA
num++;
#endif
@ -825,14 +824,14 @@ int tsip_crypt_sha_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#ifndef NO_SHA
xRet = xTaskCreate(tskSha_Test, "sha_test",
xRet = xTaskCreate(tskSha_Test, "sha_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
#endif
#ifndef NO_SHA256
if (xRet == pdPASS)
xRet = xTaskCreate(tskSha256_Test, "sha256_test",
xRet = xTaskCreate(tskSha256_Test, "sha256_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
#endif
@ -849,15 +848,15 @@ int tsip_crypt_sha_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
(sha_multTst_rslt == 0 && sha256_multTst_rslt == 0))
ret = 0;
else
ret = -1;
RESULT_STR(ret)
return ret;
@ -874,7 +873,7 @@ int tsip_crypt_AesCbc_multitest()
Info info_aes256_1;
Info info_aes256_2;
BaseType_t xRet;
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
num+=2;
#endif
@ -887,7 +886,7 @@ int tsip_crypt_AesCbc_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
sizeof(tsip_aes_key_index_t));
@ -916,7 +915,7 @@ int tsip_crypt_AesCbc_multitest()
xRet = xTaskCreate(tskAes256_Cbc_Test, "aes256_cbc_test2",
SMALL_STACK_SIZE, &info_aes256_2, 3, NULL);
#endif
if (xRet == pdPASS) {
printf(" Waiting for completing tasks ...");
vTaskDelay(10000/portTICK_PERIOD_MS);
@ -930,7 +929,7 @@ int tsip_crypt_AesCbc_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
@ -955,7 +954,7 @@ int tsip_crypt_AesGcm_multitest()
Info info_aes256_1;
Info info_aes256_2;
BaseType_t xRet;
#if defined(WOLFSSL_AES_128)
num+=2;
#endif
@ -1010,7 +1009,7 @@ int tsip_crypt_AesGcm_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if ((xRet == pdPASS) &&
@ -1032,7 +1031,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
Info info_aes256cbc;
Info info_aes256gcm;
BaseType_t xRet;
#ifndef NO_SHA
num++;
#endif
@ -1051,7 +1050,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
exit_semaph = xSemaphoreCreateCounting(num, 0);
xRet = pdPASS;
#ifndef NO_SHA
xRet = xTaskCreate(tskSha_Test, "sha_test",
SMALL_STACK_SIZE, NULL, 3, NULL);
@ -1069,7 +1068,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
XMEMCPY(&info_aes256gcm.aes_key, &g_user_aes256_key_index2,
sizeof(tsip_aes_key_index_t));
if (xRet == pdPASS)
xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
xRet = xTaskCreate(tskAes256_Gcm_Test, "aes256_gcm_test2",
STACK_SIZE, &info_aes256gcm, 3, NULL);
#endif
@ -1086,9 +1085,9 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
}
}
}
vSemaphoreDelete(exit_semaph);
if (xRet == pdPASS && sha_multTst_rslt == 0 &&
(Aes256_Cbc_multTst_rslt == 0 && Aes256_Gcm_multTst_rslt == 0)) {
ret = 0;
@ -1096,7 +1095,7 @@ int tsip_crypt_Sha_AesCbcGcm_multitest()
else {
ret = -1;
}
RESULT_STR(ret)
return ret;
@ -1158,11 +1157,10 @@ int tsip_crypt_test()
ret = tsip_aesgcm256_test(1, &g_user_aes256_key_index1);
}
#if defined(WOLFSSL_KEY_GEN)&& \
#if defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (ret == 0) {
Clr_CallbackCtx(&userContext);
ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &userContext);
@ -1172,11 +1170,10 @@ int tsip_crypt_test()
}
if (ret == 0) {
printf(" tsip_rsa_SignVerify_test(1024)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA1024;
userContext.sing_hash_type = sha256_mac;
userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 1024);
@ -1189,7 +1186,7 @@ int tsip_crypt_test()
printf(" tsip_rsa_SignVerify_test(2048)");
userContext.wrappedKeyType = TSIP_KEY_TYPE_RSA2048;
userContext.sing_hash_type = sha256_mac;
userContext.sign_hash_type = sha256_mac;
userContext.keyflgs_crypt.bits.message_type = 0;
ret = tsip_rsa_SignVerify_test(1, 2048);

2
IDE/STM32Cube/wolfssl_example.h
View File

@ -27,7 +27,7 @@
#endif
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>

12
IDE/VS-AZURE-SPHERE/user_settings.h
View File

@ -7,9 +7,9 @@
#ifndef SERVER_IP
#define SERVER_IP "192.168.1.200" /* Local Test Server IP */
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 11111
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 11111
#endif
#define CERT ca_cert_der_2048
#define SIZEOF_CERT sizeof_ca_cert_der_2048
static const char msg[] = "Are you listening wolfSSL Server?";
@ -17,9 +17,9 @@
#ifndef SERVER_IP
#define SERVER_IP "www.wolfssl.com"
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 443
#endif
#ifndef DEFAULT_PORT
#define DEFAULT_PORT 443
#endif
#define CERT wolfssl_website_root_ca
#define SIZEOF_CERT sizeof_wolfssl_website_root_ca
static const char msg[] = "GET /index.html HTTP/1.1\r\n\r\n";

10
IDE/iotsafe/devices.h
View File

@ -95,8 +95,8 @@
#define FLASH_ACR_LATENCY_MASK (0x03)
/* RCC: Periph enable flags */
#define USART1_APB2_CLOCK_ER_VAL (1 << 14)
#define USART2_APB1_CLOCK_ER_VAL (1 << 17)
#define USART1_APB2_CLOCK_ER_VAL (1 << 14)
#define USART2_APB1_CLOCK_ER_VAL (1 << 17)
#define PWR_APB1_CLOCK_ER_VAL (1 << 28)
#define GPIOA_AHB2_CLOCK_ER_VAL (1 << 0)
#define GPIOB_AHB2_CLOCK_ER_VAL (1 << 1)
@ -208,11 +208,11 @@
#define SYSTICK_CALIB (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
/* STMod+ connector pinout
/* STMod+ connector pinout
*
* Connector STM32L4
* pins pins
*
*
* 1 11 PG11 PH2
* 2 12 PB6 PB2
* 3 13 PG10 PA4
@ -243,7 +243,7 @@ void stmod_modem_disable(void);
/* inline functions for GPIO */
static inline void gpio_set(uint32_t port, uint32_t pin)
{
GPIO_BSSR(port) |= (1 << pin);
GPIO_BSSR(port) |= (1 << pin);
}
static inline void gpio_clear(uint32_t port, uint32_t pin)

5
configure.ac
View File

@ -4769,11 +4769,6 @@ then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
# No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \

8
mqx/wolfssl_client/Sources/main.h
View File

@ -15,7 +15,7 @@
#include <wolfssl/ssl.h>
#define MAIN_TASK 1
#define MAIN_TASK 1
extern void Main_task(uint32_t);
extern void setup_ethernet(void);
@ -34,10 +34,10 @@ static inline void err_sys(const char* msg)
_mqx_exit(1);
}
/* PPP device must be set manually and
/* PPP device must be set manually and
* must be different from the default IO channel (BSP_DEFAULT_IO_CHANNEL)
*/
#define PPP_DEVICE "ittyb:"
#define PPP_DEVICE "ittyb:"
/*
* Define PPP_DEVICE_DUN only when using PPP to communicate
@ -54,7 +54,7 @@ static inline void err_sys(const char* msg)
#define ENET_IPMASK IPADDR(255,255,255,0)
#endif
#define GATE_IPADDR IPADDR(192,168,1,1)
#define GATE_IPADDR IPADDR(192,168,1,1)
#endif /* __main_h_ */

6
wolfcrypt/benchmark/benchmark.c
View File

@ -10663,11 +10663,15 @@ void bench_ecc(int useDeviceID, int curveId)
BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT);
#endif
#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN)
/* old scan-build misfires -Wmaybe-uninitialized on these. */
XMEMSET(sig, 0, sizeof(sig));
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(shared, 0, sizeof(shared));
#endif
#ifdef HAVE_ECC_DHE
XMEMSET(shared, 0, sizeof(shared));
#endif
WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING,
sizeof(ecc_key), HEAP_HINT);

73
wolfcrypt/src/ecc.c
View File

@ -6395,9 +6395,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp)
#ifdef HAVE_ECC_SIGN
#ifndef NO_ASN
#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \
defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \
@ -6722,6 +6719,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE);
#endif
#ifdef NO_ASN
word32 keySz;
#endif
if (in == NULL || out == NULL || outlen == NULL || key == NULL) {
return ECC_BAD_ARG_E;
@ -6758,17 +6758,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
#else
NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
#ifdef MP_INT_SIZE_CHECK_NULL
if (r == NULL)
return MEMORY_E;
#endif
#endif
NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
#ifdef MP_INT_SIZE_CHECK_NULL
if (s == NULL) {
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
return MEMORY_E;
}
#endif
#endif
err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) {
@ -6800,8 +6800,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
return err;
}
#ifndef NO_ASN
/* encoded with DSA header */
err = StoreECC_DSA_Sig(out, outlen, r, s);
#else
/* No support for DSA ASN.1 header.
* Signature will be r+s directly. */
keySz = 0;
if (key->dp != NULL) {
keySz = (word32)key->dp->size;
}
if (keySz <= 0) {
WOLFSSL_MSG("Error: ECDSA sign raw signature size");
return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
}
*outlen = keySz * 2;
/* Export signature into r,s */
mp_to_unsigned_bin_len(r, out, keySz);
mp_to_unsigned_bin_len(s, out + keySz, keySz);
#endif /* !NO_ASN */
/* cleanup */
mp_clear(r);
@ -6813,7 +6831,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
return err;
#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
}
#endif /* !NO_ASN */
#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
@ -8458,7 +8475,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
#ifdef HAVE_ECC_VERIFY
#ifndef NO_ASN
/* verify
*
* w = s^-1 mod n
@ -8496,6 +8512,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
#ifdef WOLFSSL_ASYNC_CRYPT
int isPrivateKeyOnly = 0;
#endif
#ifdef NO_ASN
word32 keySz;
#endif
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
return ECC_BAD_ARG_E;
@ -8528,18 +8547,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
r = key->r;
s = key->s;
#else
NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
if (r == NULL)
return MEMORY_E;
#endif
NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
#endif
NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap,
DYNAMIC_TYPE_ECC);
#ifdef MP_INT_SIZE_CHECK_NULL
if (s == NULL) {
FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC);
return MEMORY_E;
}
#endif
#endif
err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key));
if (err != 0) {
FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC);
@ -8562,6 +8583,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
/* default to invalid signature */
*res = 0;
#ifndef NO_ASN
/* Decode ASN.1 ECDSA signature. */
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
@ -8576,6 +8598,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
if (err < 0) {
break;
}
#else
/* No support for DSA ASN.1 header.
* Signature must be r+s directly. */
keySz = 0;
if (key->dp != NULL) {
keySz = (word32)key->dp->size;
}
if (siglen != keySz * 2) {
WOLFSSL_MSG("Error: ECDSA Verify raw signature size");
return WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
}
/* Import signature into r,s */
mp_init(r);
mp_init(s);
mp_read_unsigned_bin(r, sig, keySz);
mp_read_unsigned_bin(s, sig + keySz, keySz);
#endif /* !NO_ASN */
FALL_THROUGH;
case ECC_STATE_VERIFY_DO:
@ -8635,7 +8675,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
return err;
#endif /* !WOLF_CRYPTO_CB_ONLY_ECC */
}
#endif /* !NO_ASN */
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
@ -9124,7 +9163,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
keySz = (word32)key->dp->size;
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \
defined(WOLFSSL_ASYNC_CRYPT_SW)
defined(WOLFSSL_ASYNC_CRYPT_SW)
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) {
WC_ASYNC_SW* sw = &key->asyncDev.sw;

198
wolfcrypt/src/port/Renesas/renesas_common.c
View File

@ -21,37 +21,44 @@
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) \
|| defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) \
|| defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \
defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#define cmn_hw_lock wc_fspsm_hw_lock
#define cmn_hw_unlock wc_fspsm_hw_unlock
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#define cmn_hw_lock tsip_hw_lock
#define cmn_hw_unlock tsip_hw_unlock
#define FSPSM_ST TsipUserCtx;
#define MAX_FSPSM_CBINDEX 5
#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
#define cmn_hw_lock wc_fspsm_hw_lock
#define cmn_hw_unlock wc_fspsm_hw_unlock
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#define cmn_hw_lock tsip_hw_lock
#define cmn_hw_unlock tsip_hw_unlock
#define FSPSM_ST TsipUserCtx;
#define MAX_FSPSM_CBINDEX 5
#endif
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/internal.h>
#endif
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/port/renesas/renesas_cmn.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#define INITIAL_DEVID 7890
uint32_t g_CAscm_Idx = (uint32_t)-1; /* index of CM table */
static int gdevId = 7890; /* initial dev Id for Crypt Callback */
static int gdevId = INITIAL_DEVID; /* initial dev Id for Crypt Callback */
#ifdef WOLF_CRYPTO_CB
/* store callback ctx by devId */
@ -59,7 +66,7 @@ static int gdevId = 7890; /* initial dev Id for Crypt Callback */
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST *gCbCtx[MAX_FSPSM_CBINDEX];
#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#define FSPSM_ST TsipUserCtx;
#define MAX_FSPSM_CBINDEX 5
TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
@ -68,7 +75,7 @@ TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
#include <wolfssl/wolfcrypt/cryptocb.h>
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(WOLFSSL* ssl)
WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
{
int ret = 0;
WOLFSSL_ENTER("Renesas_cmn_Cleanup");
@ -111,11 +118,9 @@ WOLFSSL_LOCAL int Renesas_cmn_RsaSignCheckCb(WOLFSSL* ssl,
int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
WOLFSSL_ENTER("Renesas_cmn_RsaSignCheckCb");
#if defined(WOLFSSL_RENESAS_TSIP)
return tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
#endif /* WOLFSSL_RENESAS_TSIP */
#if defined(WOLFSSL_RENESAS_TSIP)
ret = tsip_VerifyRsaPkcsCb(ssl, sig, sigSz, out, keyDer, keySz, ctx);
#endif /* WOLFSSL_RENESAS_TSIP */
WOLFSSL_LEAVE("Renesas_cmn_RsaSignCheckCb", ret);
return ret;
@ -151,29 +156,31 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_CryptoDevCb");
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
#endif
if (info == NULL || ctx == NULL)
return BAD_FUNC_ARG;
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL)
printf("CryptoDevCb: Algo Type %d session key set: %d\n",
info->algo_type, cbInfo->session_key_set);
#endif
#if defined(DEBUG_CRYPTOCB)
wc_CryptoCb_InfoString(info);
#endif
#if defined(WOLFSSL_RENESAS_TSIP) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
ret = CRYPTOCB_UNAVAILABLE;
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM
#ifdef WOLFSSL_RENESAS_TSIP_TLS
@ -236,44 +243,51 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
#endif /* !NO_AES */
}
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif
/* Is called for signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
if (info->pk.type == WC_PK_TYPE_RSA) {
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, ctx);
}
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
else if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT /* verify */) {
ret = wc_tsip_RsaVerifyPkcs(info, ctx);
}
#endif
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 || info->pk.rsakg.size == 2048)) {
ret = wc_tsip_MakeRsaKey(info->pk.rsakg.size, (void*)ctx);
}
#endif /* NO_RSA */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ret = tsip_SignEcdsa(info, ctx);
#endif
/* RSA Signing
* Can handle only RSA PkCS#1v1.5 padding scheme here.
*/
if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
ret = tsip_SignRsaPkcs(info, cbInfo);
}
#endif /* HAVE_ECC */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* RSA Verify */
if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
}
#endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ret = tsip_SignEcdsa(info, cbInfo);
}
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
ret = tsip_VerifyEcdsa(info, cbInfo);
}
#endif
#endif /* HAVE_ECC */
}
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
@ -342,20 +356,19 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
}
}
#endif /* HAVE_AES_CBC */
#endif /* !NO_AES || !NO_DES3 */
#endif /* !NO_AES */
}
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA)
#if defined(WOLFSSL_KEY_GEN)
#if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#if defined(WOLFSSL_KEY_GEN)
if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
(info->pk.rsakg.size == 1024 ||
info->pk.rsakg.size == 2048)) {
ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
info->pk.rsakg.size, (void*)ctx);
}
#endif
#endif
if (info->pk.type == WC_PK_TYPE_RSA) {
/* to perform RSA on SCE, wrapped keys should be installed
* in advance. SCE supports 1024 or 2048 bits key size.
@ -406,9 +419,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
"RSA operation falls through to SW operation.");
}
}
#endif /* NO_RSA && WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
}
#endif /* NO_RSA */
#endif /* !NO_RSA */
#endif /* TSIP or SCE */
(void)devIdArg;
@ -424,17 +436,20 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
* session_key_generated : if session key has been generated
* return 1 for usable, 0 for unusable
*/
int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
int Renesas_cmn_usable(const struct WOLFSSL* ssl, byte session_key_generated)
{
int ret;
int ret = 0;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = tsip_usable(ssl, session_key_generated);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
ret = wc_fspsm_usable(ssl, session_key_generated);
#endif
(void)ssl;
(void)session_key_generated;
return ret;
}
@ -447,8 +462,8 @@ int Renesas_cmn_usable(const WOLFSSL* ssl, byte session_key_generated)
*/
WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
{
if (devId >= 7890 && devId <= (MAX_FSPSM_CBINDEX + 7890))
return gCbCtx[devId - 7890];
if (devId >= INITIAL_DEVID && devId <= (MAX_FSPSM_CBINDEX + INITIAL_DEVID))
return gCbCtx[devId - INITIAL_DEVID];
else
return NULL;
}
@ -462,13 +477,13 @@ WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId)
* device Id starts from 7890, and increases + 1 its number
* when the method is successfully called.
*/
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
{
(void)ssl;
(void)ctx;
#if defined(WOLFSSL_RENESAS_TSIP_TLS) \
|| defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
@ -476,18 +491,21 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
#endif
if (cbInfo == NULL
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) &&\
#if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL) {
#else
) {
!defined(HAVE_RENESAS_SYNC)
|| ssl == NULL
#endif
printf("Invalid devId\n");
) {
WOLFSSL_MSG("Invalid devId\n");
return INVALID_DEVID;
}
/* need exclusive control because of static variable */
if ((cmn_hw_lock()) == 0) {
/* sanity check for overflow */
if (gdevId < 0) {
gdevId = INITIAL_DEVID;
}
cbInfo->devId = gdevId++;
cmn_hw_unlock();
}
@ -509,12 +527,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx)
if (ssl)
wolfSSL_SetDevId(ssl, cbInfo->devId);
#endif
/* sanity check for overflow */
if (gdevId < 0) {
gdevId = 7890;
}
gCbCtx[cbInfo->devId - 7890] = (void*)cbInfo;
gCbCtx[cbInfo->devId - INITIAL_DEVID] = (void*)cbInfo;
return cbInfo->devId;
}
@ -532,8 +546,8 @@ void wc_CryptoCb_CleanupRenesasCmn(int* id)
}
#endif /* WOLF_CRYPTO_CB */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS|| WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* WOLFSSL_RENESAS_FSPSM_TLS || WOLFSSL_RENESAS_FSPSM_CRYPTONLY
WOLFSSL_RENESAS_TSIP_TLS || WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS)
@ -805,7 +819,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
if (Renesas_cmn_usable(ssl, 0)) {
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
#endif

52
wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c
View File

@ -40,7 +40,7 @@
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
/* Make Rsa key for TSIP and set it to callback ctx
/* Make RSA key for TSIP and set it to callback ctx
* Assumes to be called by Crypt Callback
*
* size desired keylenth, in bits. supports 1024 or 2048 bits
@ -59,6 +59,11 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
if (ctx == NULL)
return BAD_FUNC_ARG;
if (size != 1024 && size != 2048) {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
if ((ret = tsip_hw_lock()) == 0) {
if (size == 1024) {
tsip_pair1024_key =
@ -80,8 +85,6 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
ret = R_TSIP_GenerateRsa2048RandomKeyIndex(tsip_pair2048_key);
}
else
return CRYPTOCB_UNAVAILABLE;
if (ret == TSIP_SUCCESS) {
if (size == 1024) {
@ -90,8 +93,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
}
if (info->rsa1024pub_keyIdx != NULL) {
XFREE(info->rsa1024pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
}
info->rsa1024pri_keyIdx =
(tsip_rsa1024_private_key_index_t*)XMALLOC(
@ -99,7 +101,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pri_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
@ -109,9 +111,8 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa1024pub_keyIdx == NULL) {
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, 0,
DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa1024pri_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
@ -121,7 +122,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa1024pub_keyIdx,
&tsip_pair1024_key->public,
sizeof(tsip_rsa1024_public_key_index_t));
XFREE(tsip_pair1024_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair1024_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri1024_key_set = 1;
info->keyflgs_crypt.bits.rsapub1024_key_set = 1;
@ -141,7 +142,7 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pri_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
@ -151,11 +152,12 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
DYNAMIC_TYPE_RSA_BUFFER);
if (info->rsa2048pub_keyIdx == NULL) {
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, 0,
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(info->rsa2048pri_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
return MEMORY_E;
}
/* copy generated key pair and free malloced key */
XMEMCPY(info->rsa2048pri_keyIdx,
&tsip_pair2048_key->private,
@ -163,21 +165,17 @@ WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx)
XMEMCPY(info->rsa2048pub_keyIdx,
&tsip_pair2048_key->public,
sizeof(tsip_rsa2048_public_key_index_t));
XFREE(tsip_pair2048_key, 0, DYNAMIC_TYPE_RSA_BUFFER);
XFREE(tsip_pair2048_key, NULL, DYNAMIC_TYPE_RSA_BUFFER);
info->keyflgs_crypt.bits.rsapri2048_key_set = 1;
info->keyflgs_crypt.bits.rsapub2048_key_set = 1;
}
}
else {
WOLFSSL_MSG("Failed to generate key pair by TSIP");
return CRYPTOCB_UNAVAILABLE;
}
tsip_hw_unlock();
}
return 0;
}
@ -199,21 +197,19 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
uint8_t tsip_hash_type;
/* sanity check */
if (info == NULL || tuc == NULL){
return BAD_FUNC_ARG;
}
if (ret == 0) {
if (tuc->sing_hash_type == md5_mac)
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sing_hash_type == sha_mac)
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sing_hash_type == sha256_mac)
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
@ -221,8 +217,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapub1024_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
@ -232,11 +227,10 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapub2048_key_set != 1) {
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
WOLFSSL_MSG("tsip rsa private key 1024 not set");
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
}

387
wolfcrypt/src/port/Renesas/renesas_tsip_util.c
View File

@ -34,11 +34,15 @@
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#include <wolfssl/ssl.h>
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/ssl.h>
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#endif
#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
#include <stdio.h>
#define TSIP_SIGNING_DATA_PREFIX_SZ 64
@ -171,6 +175,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* Set client encrypted public key data.
@ -189,8 +194,7 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
if (uc == NULL
|| keyBuf == NULL || keyBufLen == 0) {
if (uc == NULL || keyBuf == NULL || keyBufLen == 0) {
ret = BAD_FUNC_ARG;
}
@ -412,20 +416,20 @@ WOLFSSL_LOCAL int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
}
}
if (ret != 0) {
if (kse->key != NULL)
if ((ret != 0) && (ret != CRYPTOCB_UNAVAILABLE)) {
if (kse->key != NULL) {
XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (kse->pubKey != NULL)
kse->key = NULL;
}
if (kse->pubKey != NULL) {
XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
kse->pubKey = NULL;
}
}
WOLFSSL_LEAVE("tsip_Tls13GenEccKeyPair", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* generate shared secret(pre-master secret)
* get peer's raw ECDHE public key from KeyShareEntry.
* The pre-master secret generated by TSIP is stored into
@ -514,11 +518,7 @@ WOLFSSL_LOCAL int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
WOLFSSL_LEAVE("tsip_Tls13GenSharedSecret", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
{
int ret = 0;
@ -543,11 +543,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsip_Tls13DeriveEarlySecret", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* derive handshake secret.
* get pre-master secret stored in TsipUserCtx.sharedSecret13Idx.
* Derived handshake secret is stored into TsipUserCtx.handshakeSecret13Idx
@ -621,11 +617,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsip_Tls13DeriveHandshakeSecret", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
{
int ret = 0;
@ -705,11 +697,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsipTls13DeriveClientHandshakeKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
{
int ret = 0;
@ -789,11 +777,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsipTls13DeriveServerHandshakeKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
{
int ret = 0;
@ -881,11 +865,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsipTls13DeriveTrafficKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
{
int ret = 0;
@ -953,11 +933,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsipTls13UpdateClientTrafficKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
{
int ret = 0;
@ -1025,11 +1001,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsipTls13UpdateServerTrafficKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* Derive the keys for TLS v1.3.
*
* ssl The WOLFSSL object.
@ -1124,11 +1096,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveKeys(struct WOLFSSL* ssl,
WOLFSSL_LEAVE("tsip_Tls13DeriveKeys", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
{
int ret = 0;
@ -1198,11 +1166,7 @@ WOLFSSL_LOCAL int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
WOLFSSL_LEAVE("tsip_Tls13DeriveMasterSecret", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* verify handshake
* ssl WOLFSSL object
* hash buffer holding decrypted finished message content from server.
@ -1288,11 +1252,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
WOLFSSL_LEAVE("tsipTls13VerifyHandshake", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* handles finished message from server.
* verify hmac in the message. Also output verify data to
* TsipUserCtx.verifyDataIdx, which is used for deriving master secret.
@ -1334,11 +1294,7 @@ WOLFSSL_LOCAL int tsip_Tls13HandleFinished(
WOLFSSL_LEAVE("tsip_Tls13HandleFinished", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* Build TLS v1.3 Message and make it encrypted with AEAD algorithm.
* TSIP supports AES-GCM and AES-CCM.
* ssl The WOLFSSL object.
@ -1434,11 +1390,7 @@ WOLFSSL_LOCAL int tsip_Tls13BuildMessage(struct WOLFSSL* ssl,
WOLFSSL_LEAVE("tsip_Tls13BuildMessage", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* Send finished message to the server.
*
* ssl WOLFSSL object
@ -1501,9 +1453,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendFinished(
WOLFSSL_LEAVE("tsip_Tls13SendFinished", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* Parse and handle a TLS v1.3 CertificateVerify message sent from a server.
*
* ssl WOLFSSL object
@ -1644,9 +1594,7 @@ WOLFSSL_LOCAL int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
WOLFSSL_LEAVE("tsip_Tls13CertificateVerify", ret);
return ret;
}
#endif /* WOLFSSL_TLS13 */
#if defined(WOLFSSL_TLS13)
/* Send the TLS v1.3 CertificateVerify message. A part of the message is
* processed by TSIP for acceleration.
*
@ -1740,7 +1688,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
}
else {
if (!tuc->ClientEccP256PrivKey_set) {
if (!tuc->ClientEccPrivKey_set) {
ret = NO_PRIVATE_KEY;
}
}
@ -1781,7 +1729,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
else {
err = R_TSIP_Tls13CertificateVerifyGenerate(
(uint32_t*)&(tuc->EcdsaP256PrivateKeyIdx),
(uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
hash,
message + HANDSHAKE_HEADER_SZ,
@ -1817,7 +1765,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
}
else {
#if defined(WOLFSSL_CHECK_SIG_FAULTS)
if (!tuc->ClientEccP256PubKey_set) {
if (!tuc->ClientEccPubKey_set) {
ret = NO_PRIVATE_KEY;
}
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
@ -1886,7 +1834,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
err = R_TSIP_EcdsaP256SignatureVerification(
&ecdsa_sig, &ecdsa_hash,
&tuc->EcdsaP256PublicKeyIdx);
&tuc->EcdsaPublicKeyIdx);
WOLFSSL_MSG("Perform self-verify for ecc signature");
#endif /* WOLFSSL_CHECK_SIG_FAULTS */
}
@ -1927,6 +1875,7 @@ WOLFSSL_LOCAL int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
#endif /* WOLFSSL_TLS13 */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109)
static uint32_t GetTsipCipherSuite(
@ -2072,7 +2021,7 @@ static int tsip_ServerKeyExVerify(
WOLFSSL_MSG("Failed to lock tsip hw");
}
XFREE(peerkey, 0, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(peerkey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_LEAVE("tsip_ServerKeyExVerify", ret);
return ret;
@ -2145,7 +2094,7 @@ int wc_tsip_EccVerify(
return CRYPTOCB_UNAVAILABLE;
}
/* concatenate r and s parts of the signature so that TSIP can handle it*/
/* concatenate r and s parts of the signature so that TSIP can handle it */
/* r */
if (sig[offset] == 0x20) {
XMEMCPY(sigforSCE, &sig[offset+1], rs_size);
@ -2346,8 +2295,10 @@ static byte _tls2tsipdef(byte cipher)
* The target key should be set with tsip_use_PrivateKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
{
@ -2403,12 +2354,12 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PrivKey_set = 0;
tuc->ClientEccPrivKey_set = 0;
err = R_TSIP_GenerateEccP256PrivateKeyIndex(
provisioning_key, iv, (uint8_t*)encPrivKey,
&(tuc->EcdsaP256PrivateKeyIdx));
&(tuc->EcdsaPrivateKeyIdx));
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PrivKey_set = 1;
tuc->ClientEccPrivKey_set = 1;
}
else {
ret = WC_HW_E;
@ -2436,8 +2387,10 @@ static int tsipImportPrivateKey(TsipUserCtx* tuc, int keyType)
* The target key should be set with tsip_use_PublicKey_buffer in advance.
* Acceptable key types are:
* TSIP_KEY_TYPE_RSA2048 rsa 2048 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key(Not supported as of now)
* TSIP_KEY_TYPE_RSA3072 rsa 3072 bit key
* TSIP_KEY_TYPE_RSA4096 rsa 4096 bit key
* TSIP_KEY_TYPE_ECDSAP256 ecdsa p256r1 key
* TSIP_KEY_TYPE_ECDSAP384 ecdsa p384r1 key
*/
WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
{
@ -2468,7 +2421,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
}
if ((ret = tsip_hw_lock()) == 0) {
switch(keyType) {
switch (keyType) {
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA2048:
@ -2479,11 +2432,11 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
XFREE(tuc->rsa2048pub_keyIdx, NULL,
DYNAMIC_TYPE_RSA_BUFFER);
}
tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
tuc->rsa2048pub_keyIdx =
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
(tsip_rsa2048_public_key_index_t*)XMALLOC(
sizeof(tsip_rsa2048_public_key_index_t), NULL,
DYNAMIC_TYPE_RSA_BUFFER);
if (tuc->rsa2048pub_keyIdx == NULL) {
return MEMORY_E;
}
@ -2507,25 +2460,47 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
ret = WC_HW_E;
}
break;
#endif
#if !defined(NO_RSA)
case TSIP_KEY_TYPE_RSA4096:
/* not supported as of TSIPv1.15 */
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#endif /* !NO_RSA */
#if defined(HAVE_ECC) && \
defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(HAVE_ECC)
case TSIP_KEY_TYPE_ECDSAP256:
tuc->ClientEccP256PubKey_set = 0;
err = R_TSIP_GenerateEccP256PublicKeyIndex(
case TSIP_KEY_TYPE_ECDSAP384:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 0;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
#endif
if (keyType == TSIP_KEY_TYPE_ECDSAP256) {
err = R_TSIP_GenerateEccP256PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
&(tuc->EcdsaP256PublicKeyIdx));
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
else if (keyType == TSIP_KEY_TYPE_ECDSAP384) {
err = R_TSIP_GenerateEccP384PublicKeyIndex(
provisioning_key, iv, (uint8_t*)encPubKey,
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
&(tuc->EcdsaPublicKeyIdx)
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
&tuc->eccpub_keyIdx
#endif
);
}
if (err == TSIP_SUCCESS) {
tuc->ClientEccP256PubKey_set = 1;
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientEccPubKey_set = 1;
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
#endif
}
else {
ret = WC_HW_E;
@ -2545,41 +2520,7 @@ WOLFSSL_LOCAL int tsipImportPublicKey(TsipUserCtx* tuc, int keyType)
WOLFSSL_LEAVE("tsipImportPublicKey", ret);
return ret;
}
/*
* lock hw engine.
* this should be called before using engine.
*/
WOLFSSL_LOCAL int tsip_hw_lock(void)
{
int ret = 0;
if (tsip_CryptHwMutexInit_ == 0) {
ret = tsip_CryptHwMutexInit(&tsip_mutex);
if (ret == 0) {
tsip_CryptHwMutexInit_ = 1;
}
else {
WOLFSSL_MSG(" mutex initialization failed.");
return -1;
}
}
if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
/* this should not happens */
return -1;
}
return ret;
}
/*
* release hw engine
*/
WOLFSSL_LOCAL void tsip_hw_unlock(void)
{
tsip_CryptHwMutexUnLock(&tsip_mutex);
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* check if tsip tls functions can be used for the cipher */
/* return :1 when tsip can be used , 0 not be used. */
@ -2678,6 +2619,41 @@ int tsip_usable(const WOLFSSL *ssl, uint8_t session_key_generated)
}
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/*
* lock hw engine.
* this should be called before using engine.
*/
WOLFSSL_LOCAL int tsip_hw_lock(void)
{
int ret = 0;
if (tsip_CryptHwMutexInit_ == 0) {
ret = tsip_CryptHwMutexInit(&tsip_mutex);
if (ret == 0) {
tsip_CryptHwMutexInit_ = 1;
}
else {
WOLFSSL_MSG(" mutex initialization failed.");
return -1;
}
}
if (tsip_CryptHwMutexLock(&tsip_mutex) != 0) {
/* this should not happens */
return -1;
}
return ret;
}
/*
* release hw engine
*/
WOLFSSL_LOCAL void tsip_hw_unlock(void)
{
tsip_CryptHwMutexUnLock(&tsip_mutex);
}
/* open TSIP driver
* return 0 on success.
@ -2696,6 +2672,7 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("RENESAS TSIP Open failed");
}
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
if (ret == TSIP_SUCCESS && g_user_key_info.encrypted_user_tls_key) {
@ -2722,11 +2699,13 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_(Re)Open: NG");
}
/* init vars */
/* init vars */
g_CAscm_Idx = (uint32_t)-1;
}
}
#endif
#elif defined(WOLFSSL_RENESAS_TSIP) && (WOLFSSL_RENESAS_TSIP_VER>=106)
ret = R_TSIP_Open((uint32_t*)s_flash, s_inst1, s_inst2);
@ -2756,7 +2735,8 @@ WOLFSSL_LOCAL int tsip_Open(void)
if (ret != TSIP_SUCCESS) {
WOLFSSL_MSG("R_TSIP_(Re)Open failed");
}
/* init vars */
/* init vars */
g_CAscm_Idx = (uint32_t)-1;
}
}
@ -2832,7 +2812,8 @@ void tsip_inform_user_keys_ex(
word32 encrypted_user_tls_key_type)
{
WOLFSSL_ENTER("tsip_inform_user_keys_ex");
ForceZero(&g_user_key_info, sizeof(g_user_key_info));
XMEMSET(&g_user_key_info, 0, sizeof(g_user_key_info));
g_user_key_info.encrypted_provisioning_key = NULL;
g_user_key_info.iv = NULL;
@ -3690,7 +3671,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = tsipImportPrivateKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
if (ssl->options.hashAlgo == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
@ -3705,11 +3685,11 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
(void)ssl;
if (ret == 0) {
if (tuc->sing_hash_type == md5_mac)
if (tuc->sign_hash_type == md5_mac)
tsip_hash_type = R_TSIP_RSA_HASH_MD5;
else if (tuc->sing_hash_type == sha_mac)
else if (tuc->sign_hash_type == sha_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA1;
else if (tuc->sing_hash_type == sha256_mac)
else if (tuc->sign_hash_type == sha256_mac)
tsip_hash_type = R_TSIP_RSA_HASH_SHA256;
else
ret = CRYPTOCB_UNAVAILABLE;
@ -3717,15 +3697,13 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
switch (tuc->wrappedKeyType) {
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1)
{
WOLFSSL_MSG("tsip rsa private key 2048 not set");
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 1024 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
break;
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1)
{
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 2048 not set");
ret = CRYPTOCB_UNAVAILABLE;
}
@ -3735,7 +3713,6 @@ WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
ret = CRYPTOCB_UNAVAILABLE;
break;
}
#endif
if (ret == 0) {
@ -3902,7 +3879,8 @@ WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
}
#endif /* !NO_RSA && TSIP_TLS */
#if defined(HAVE_ECC) && defined(WOLFSSL_RENESAS_TSIP_TLS)
#if defined(HAVE_ECC)
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
/* Perform signing with the client's ECC private key on hash value of messages
* exchanged with server.
*
@ -3922,7 +3900,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_rsa_byte_data_t hashData, sigData;
tsip_ecdsa_byte_data_t hashData, sigData;
byte offsetForWork;
byte* out = NULL;
byte* sig = NULL;
@ -3961,7 +3939,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(HAVE_ECC)
#if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256:
offsetForWork = R_TSIP_ECDSA_DATA_BYTE_SIZE + 32;
if (*(info->pk.eccsign.outlen) <
@ -3974,7 +3952,7 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
offsetForWork;
err = R_TSIP_EcdsaP256SignatureGenerate(
&hashData, &sigData,
&tuc->EcdsaP256PrivateKeyIdx);
&tuc->EcdsaPrivateKeyIdx);
if (err != TSIP_SUCCESS) {
ret = WC_HW_E;
break;
@ -4012,16 +3990,6 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
break;
#endif
#if defined(HAVE_ECC192)
case TSIP_KEY_TYPE_ECDSAP192:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC224)
case TSIP_KEY_TYPE_ECDSAP224:
ret = CRYPTOCB_UNAVAILABLE;
break;
#endif
#if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384:
ret = CRYPTOCB_UNAVAILABLE;
@ -4042,7 +4010,114 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
WOLFSSL_LEAVE("tsip_SignEcdsa", ret);
return ret;
}
#endif /* HAVE_ECC && TSIP_TLS */
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
/* zero pad or truncate hash */
static int tsip_HashPad(int curveSz, uint8_t* hash,
const uint8_t* hashIn, int hashSz)
{
if (hashSz > curveSz)
hashSz = curveSz;
XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
return curveSz;
}
/* Perform verify with the wrapped public key, provided hash and signature r+s
*
* parameters
* info->pk.eccverify.in : the buffer holding hash value of messages
* info->pk.eccverify.inlen : hash data size
* info->pk.eccverify.out : the buffer where the signature data is output to
* info->pk.eccverify.outlen: the length of the buffer pk.eccsign.out
* tuc: the pointer to the TsipUserCtx structure
* returns
* 0 on success, CRYPTOCB_UNAVAILABLE on unsupported key type specified.
*/
WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
{
int ret = 0;
e_tsip_err_t err = TSIP_SUCCESS;
tsip_ecdsa_byte_data_t hashData, sigData;
/* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
* if using SHA2-256 with ECDSA SECP384R1 */
uint8_t hash[TSIP_MAX_ECC_BYTES];
WOLFSSL_ENTER("tsip_VerifyEcdsa");
if (info == NULL || tuc == NULL) {
ret = CRYPTOCB_UNAVAILABLE;
}
XMEMSET(hash, 0, sizeof(hash));
if (ret == 0) {
/* import public key_index from wrapped key */
ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
}
if (ret == 0) {
int curveSz = info->pk.eccverify.key->dp->size;
hashData.pdata = (uint8_t*)hash;
hashData.data_type = tuc->keyflgs_crypt.bits.message_type;
sigData.pdata = (uint8_t*)info->pk.eccverify.sig;
sigData.data_length = info->pk.eccverify.siglen;
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if !defined(NO_ECC256)
case TSIP_KEY_TYPE_ECDSAP256:
/* zero pad or truncate */
hashData.data_length = tsip_HashPad(curveSz,
hash, info->pk.eccverify.hash,
info->pk.eccverify.hashlen);
err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err == TSIP_SUCCESS) {
*info->pk.eccverify.res = 1; /* success */
}
else {
ret = WC_HW_E;
}
break;
break;
#endif
#if defined(HAVE_ECC384)
case TSIP_KEY_TYPE_ECDSAP384:
/* zero pad or truncate */
hashData.data_length = tsip_HashPad(curveSz,
hash, info->pk.eccverify.hash,
info->pk.eccverify.hashlen);
err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
&hashData, &tuc->eccpub_keyIdx);
if (err == TSIP_SUCCESS) {
*info->pk.eccverify.res = 1; /* success */
}
else {
ret = WC_HW_E;
}
break;
#endif
default:
WOLFSSL_MSG("ECDSA public key size not available");
ret = CRYPTOCB_UNAVAILABLE;
break;
}
tsip_hw_unlock();
}
else {
WOLFSSL_MSG("mutex locking error");
}
}
WOLFSSL_LEAVE("tsip_VerifyEcdsa", ret);
return ret;
}
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
#endif /* HAVE_ECC */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPT_DEBUG

13
wolfcrypt/src/random.c
View File

@ -110,7 +110,7 @@ This library contains implementation for the random number generator.
#include <basictypes.h>
#include <random.h>
#elif defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h"
#elif defined(NO_DEV_RANDOM)
#elif defined(CUSTOM_RAND_GENERATE)
#elif defined(CUSTOM_RAND_GENERATE_BLOCK)
@ -126,6 +126,9 @@ This library contains implementation for the random number generator.
#elif defined(WOLFSSL_PB)
#elif defined(WOLFSSL_ZEPHYR)
#elif defined(WOLFSSL_TELIT_M2MB)
#elif defined(WOLFSSL_RENESAS_TSIP)
/* for wc_tsip_GenerateRandBlock */
#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#elif defined(WOLFSSL_IMXRT1170_CAAM)
#elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
@ -3652,6 +3655,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0;
}
#elif defined(WOLFSSL_RENESAS_TSIP)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
(void)os;
return wc_tsip_GenerateRandBlock(output, sz);
}
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
#include "hal_data.h"

47
wolfcrypt/test/test.c
View File

@ -28687,12 +28687,10 @@ typedef struct eccVector {
const char* curveName;
word32 msgLen;
word32 keySize;
#ifndef NO_ASN
const byte* r;
word32 rSz;
const byte* s;
word32 sSz;
#endif
} eccVector;
#if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
@ -28744,13 +28742,14 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
if (ret != 0)
goto done;
#if !defined(NO_ASN)
XMEMSET(sig, 0, ECC_SIG_SIZE);
sigSz = ECC_SIG_SIZE;
ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
if (ret != 0)
goto done;
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
#if !defined(HAVE_SELFTEST)
XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
sigRawSz = ECC_SIG_SIZE;
ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
@ -28770,7 +28769,17 @@ static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
ret = WC_TEST_RET_ENC_NC;
goto done;
}
#endif
#endif /* !HAVE_SELFTEST */
#else
/* Signature will be R+S directly */
/* Make sure and zero pad if r or s is less than key size */
XMEMSET(sig, 0, ECC_SIG_SIZE);
sigSz = vector->keySize * 2;
XMEMCPY(sig + (vector->keySize - vector->rSz),
vector->r, vector->rSz);
XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz),
vector->s, vector->sSz);
#endif /* !NO_ASN */
#ifdef HAVE_ECC_VERIFY
do {
@ -28858,14 +28867,12 @@ static wc_test_ret_t ecc_test_vector(int keySize)
vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
vec.curveName = "SECP192R1";
#ifndef NO_ASN
vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
"\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
vec.rSz = 24;
vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
"\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
vec.sSz = 24;
#endif
break;
#endif /* HAVE_ECC192 */
@ -28894,7 +28901,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
vec.curveName = "SECP224R1";
#ifndef NO_ASN
vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
"\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
"\xbc\x16\x71\xa7";
@ -28903,7 +28909,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
"\x6a\xf3\xad\x5b";
vec.sSz = 28;
#endif
break;
#endif /* HAVE_ECC224 */
@ -28936,7 +28941,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
#ifndef NO_ASN
vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
"\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
"\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
@ -28945,7 +28949,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
"\x5a\x21\x48\xae\x32\xe3\xa2\x48";
vec.sSz = 32;
#endif
vec.curveName = "SECP256R1";
break;
#endif /* !NO_ECC256 */
@ -28980,7 +28983,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
vec.curveName = "SECP384R1";
#ifndef NO_ASN
vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
"\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
"\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
@ -28991,7 +28993,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
"\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
vec.sSz = 48;
#endif
break;
#endif /* HAVE_ECC384 */
@ -29025,7 +29026,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
vec.curveName = "SECP521R1";
#ifndef NO_ASN
vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
"\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
"\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
@ -29040,7 +29040,6 @@ static wc_test_ret_t ecc_test_vector(int keySize)
"\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
"\x3d\x22\xf2\x48\x0c";
vec.sSz = 65;
#endif
break;
#endif /* HAVE_ECC521 */
default:
@ -29838,6 +29837,15 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
#ifdef HAVE_ECC_VERIFY
int verify = 0;
#endif
#ifdef NO_ASN
/* private d for eccKeyDerFile / ecc_key_der_256 */
const byte keyPriv[] = {
0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85,
0xA1, 0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC,
0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C,
0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C
};
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((key == NULL) ||
@ -29892,6 +29900,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#ifndef NO_ASN
x = 0;
ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
if (ret != 0)
@ -29917,6 +29926,10 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
}
#endif /* HAVE_ECC_KEY_EXPORT */
#else
/* Load raw private d directly */
ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key);
#endif /* !NO_ASN */
ret = wc_ecc_make_pub(NULL, NULL);
if (ret == 0) {
@ -29936,7 +29949,7 @@ static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#endif /* !WOLFSSL_CRYPTOCELL */
TEST_SLEEP();
#ifdef HAVE_ECC_KEY_EXPORT
@ -31396,7 +31409,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
#else
ecc_key key[1];
#endif
#if !defined(NO_ECC_SECP) && \
#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
(defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
word32 idx = 0;
@ -31449,7 +31462,7 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
(void)rng;
#endif /* !WC_NO_RNG */
#if !defined(NO_ECC_SECP) && \
#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
(defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
/* Use test ECC key - ensure real private "d" exists */

4
wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
View File

@ -31,7 +31,7 @@
#define FSPSM_W_KEYVAR renesas_sce_wrappedkey
#define FSPSM_tls_flg_ST sce_keyflgs_tls
#define FSPSM_key_flg_ST sce_keyflgs_cryt
#define FSPSM_key_flg_ST sce_keyflgs_crypt
#define FSPSM_tag_ST tagUser_SCEPKCbInfo
#define FSPSM_ST User_SCEPKCbInfo
#define FSPSM_ST_PKC SCE_PKCbInfo
@ -171,7 +171,7 @@
/* structure, type so on */
#define FSPSM_W_KEYVAR renesas_rsip_wrappedkey
#define FSPSM_tls_flg_ST rsip_keyflgs_tls
#define FSPSM_key_flg_ST rsip_keyflgs_cryt
#define FSPSM_key_flg_ST rsip_keyflgs_crypt
#define FSPSM_tag_ST tagUser_RSIPPKCbInfo
#define FSPSM_ST User_RSIPPKCbInfo
#define FSPSM_ST_PKC RSIP_PKCbInfo

196
wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
View File

@ -36,8 +36,16 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/ssl.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#ifdef __cplusplus
extern "C" {
@ -51,7 +59,7 @@ extern "C" {
typedef enum {
WOLFSSL_TSIP_NOERROR = 0,
WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff,
}wolfssl_tsip_error_number;
} wolfssl_tsip_error_number;
typedef enum {
tsip_Key_SESSION = 1,
@ -84,19 +92,24 @@ enum {
TSIP_TLS_VERIFY_DATA_WD_SZ = 8,
TSIP_TLS_MAX_SIGDATA_SZ = 130,
TSIP_TEMP_WORK_SIZE = 128,
TSIP_MAX_ECC_BYTES = 48,
};
typedef enum {
TSIP_KEY_TYPE_RSA2048 = 0,
TSIP_KEY_TYPE_RSA4096 = 1,
TSIP_KEY_TYPE_ECDSAP256 = 2,
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
TSIP_KEY_TYPE_RSA1024 = 3,
TSIP_KEY_TYPE_RSA1024 = 1, /* TSIP_RSA1024 */
#endif
TSIP_KEY_TYPE_RSA2048 = 2, /* TSIP_RSA2048 */
TSIP_KEY_TYPE_RSA3072 = 3, /* TSIP_RSA3072 */
TSIP_KEY_TYPE_RSA4096 = 4, /* TSIP_RSA4096 */
TSIP_KEY_TYPE_ECDSAP256 = 5, /* TSIP_ECCP256 */
TSIP_KEY_TYPE_ECDSAP384 = 6, /* TSIP_ECCP384 */
} wolfssl_TSIP_KEY_TYPE;
struct WOLFSSL;
struct ecc_key;
struct KeyShareEntry;
/* MsgBag stands for message bag and acts as a buffer for holding plain text
@ -121,26 +134,33 @@ typedef struct MsgBag
} MsgBag;
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
typedef void* renesas_tsip_key;
/* flags Crypt Only */
struct tsip_keyflgs_cryt {
uint8_t aes256_key_set:1;
uint8_t aes128_key_set:1;
uint8_t rsapri2048_key_set:1;
uint8_t rsapub2048_key_set:1;
uint8_t rsapri1024_key_set:1;
uint8_t rsapub1024_key_set:1;
uint8_t message_type:1;/*message 0, hashed 1*/
};
/* flags Crypt Only */
struct tsip_keyflgs_crypt {
uint32_t aes256_key_set:1;
uint32_t aes128_key_set:1;
uint32_t rsapri2048_key_set:1;
uint32_t rsapub2048_key_set:1;
uint32_t rsapri1024_key_set:1;
uint32_t rsapub1024_key_set:1;
uint32_t eccpri_key_set:1;
uint32_t eccpub_key_set:1;
uint32_t message_type:1; /*message 0, hashed 1*/
};
#endif
/*
* TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
*/
typedef struct TsipUserCtx {
/* unique number for each session */
int devId;
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
@ -159,24 +179,17 @@ typedef struct TsipUserCtx {
/* handle is used as work area for Tls13 handshake */
tsip_tls13_handle_t handle13;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* client key pair wrapped by provisioning key */
byte* wrappedPrivateKey;
byte* wrappedPublicKey;
int wrappedKeyType;
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
#if !defined(NO_RSA)
/* RSA-2048bit private and public key-index for client authentication */
tsip_rsa2048_private_key_index_t Rsa2048PrivateKeyIdx;
tsip_rsa2048_public_key_index_t Rsa2048PublicKeyIdx;
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC P256 private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaP256PrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaP256PublicKeyIdx;
#endif /* HAVE_ECC */
#endif /* !NO_RSA */
#if defined(HAVE_ECC)
/* ECC private and public key-index for client authentication */
tsip_ecc_private_key_index_t EcdsaPrivateKeyIdx;
tsip_ecc_public_key_index_t EcdsaPublicKeyIdx;
#endif /* HAVE_ECC */
/* ECDHE private key index for Tls13 handshake */
tsip_tls_p256_ecc_key_index_t EcdhPrivKey13Idx;
@ -226,7 +239,6 @@ typedef struct TsipUserCtx {
/* signature data area for TLS1.3 CertificateVerify message */
byte sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
#if (WOLFSSL_RENESAS_TSIP_VER >=109)
/* out from R_SCE_TLS_ServerKeyExchangeVerify */
uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
@ -248,47 +260,19 @@ typedef struct TsipUserCtx {
uint32_t tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
uint8_t tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
uint8_t tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
renesas_tsip_key rsa1024pri_keyIdx;
renesas_tsip_key rsa1024pub_keyIdx;
renesas_tsip_key rsa2048pri_keyIdx;
renesas_tsip_key rsa2048pub_keyIdx;
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sing_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint8_t chr;
struct tsip_keyflgs_cryt bits;
} keyflgs_crypt;
#endif
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
/* TSIP defined cipher suite number */
uint32_t tsip_cipher;
/* flags */
#ifdef WOLFSSL_RENESAS_TSIP_TLS
#if !defined(NO_RSA)
#if !defined(NO_RSA)
uint8_t ClientRsa2048PrivKey_set:1;
uint8_t ClientRsa2048PubKey_set:1;
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccP256PrivKey_set:1;
uint8_t ClientEccP256PubKey_set:1;
#endif
#endif
#if defined(HAVE_ECC)
uint8_t ClientEccPrivKey_set:1;
uint8_t ClientEccPubKey_set:1;
#endif
uint8_t HmacInitialized:1;
uint8_t RootCAverified:1;
@ -308,6 +292,39 @@ typedef struct TsipUserCtx {
uint8_t session_key_set:1;
#endif /* WOLFSSL_RENESAS_TSIP_TLS */
/* installed key handling */
tsip_aes_key_index_t user_aes256_key_index;
uint8_t user_aes256_key_set:1;
tsip_aes_key_index_t user_aes128_key_index;
uint8_t user_aes128_key_set:1;
/* for tsip crypt only mode */
#ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#ifndef NO_RSA
tsip_rsa1024_private_key_index_t* rsa1024pri_keyIdx;
tsip_rsa1024_public_key_index_t* rsa1024pub_keyIdx;
tsip_rsa2048_private_key_index_t* rsa2048pri_keyIdx;
tsip_rsa2048_public_key_index_t* rsa2048pub_keyIdx;
#endif
#ifdef HAVE_ECC
#ifdef HAVE_ECC_SIGN
tsip_ecc_private_key_index_t eccpri_keyIdx;
#endif
tsip_ecc_public_key_index_t eccpub_keyIdx;
#endif
/* sign/verify hash type :
* md5, sha1 or sha256
*/
int sign_hash_type;
/* flags shows status if tsip keys are installed */
union {
uint32_t chr;
struct tsip_keyflgs_crypt bits;
} keyflgs_crypt;
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
} TsipUserCtx;
typedef TsipUserCtx RenesasUserCtx;
@ -372,7 +389,7 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
#endif
#if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
WOLFSSL_API int tsip_use_PubicKey_buffer_crypt(TsipUserCtx *uc,
WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
const char* keyBuf, int keyBufLen, int keyType);
@ -401,22 +418,29 @@ WOLFSSL_API void tsip_inform_user_keys(
/*----------------------------------------------------*/
/* internal use functions */
/*----------------------------------------------------*/
WOLFSSL_LOCAL int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc);
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int tsip_VerifyRsaPkcsCb(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
unsigned char* sig, unsigned int sigSz,
unsigned char** out,
const unsigned char* keyDer, unsigned int keySz,
void* ctx);
WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc);
#endif
#ifdef WOLF_CRYPTO_CB
struct wc_CryptoInfo;
WOLFSSL_LOCAL int tsip_SignRsaPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(struct wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_SignEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_VerifyEcdsa(struct wc_CryptoInfo* info, TsipUserCtx* tuc);
WOLFSSL_LOCAL int tsip_TlsCleanup(struct WOLFSSL* ssl);
WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
@ -505,23 +529,23 @@ WOLFSSL_LOCAL int wc_tsip_generateMasterSecret(
WOLFSSL_LOCAL int wc_tsip_storeKeyCtx(
WOLFSSL *ssl,
struct WOLFSSL *ssl,
TsipUserCtx *userCtx);
WOLFSSL_LOCAL int wc_tsip_generateEncryptPreMasterSecret(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
byte* out,
word32* outSz);
WOLFSSL_LOCAL int wc_tsip_EccSharedSecret(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
struct ecc_key* otherKey,
unsigned char* pubKeyDer, unsigned int* pubKeySz,
unsigned char* out, unsigned int* outlen,
int side, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerify(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
byte* sig,
word32 sigSz,
byte** out,
@ -530,7 +554,7 @@ WOLFSSL_LOCAL int wc_tsip_RsaVerify(
void* ctx);
WOLFSSL_LOCAL int wc_tsip_EccVerify(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
const byte* sig, word32 sigSz,
const byte* hash, word32 hashSz,
const byte* key, word32 keySz,
@ -571,14 +595,14 @@ WOLFSSL_LOCAL int wc_tsip_AesGcmDecrypt(
void* ctx);
#endif /* NO_AES */
WOLFSSL_LOCAL int wc_tsip_ShaXHmacVerify(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* message,
word32 messageSz,
word32 macSz,
word32 content);
WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -586,7 +610,7 @@ WOLFSSL_LOCAL int wc_tsip_Sha1HmacGenerate(
byte* digest);
WOLFSSL_LOCAL int wc_tsip_Sha256HmacGenerate(
const WOLFSSL *ssl,
const struct WOLFSSL *ssl,
const byte* myInner,
word32 innerSz,
const byte* in,
@ -601,7 +625,7 @@ WOLFSSL_LOCAL int tsip_hw_lock();
WOLFSSL_LOCAL void tsip_hw_unlock( void );
WOLFSSL_LOCAL int tsip_usable(const WOLFSSL *ssl,
WOLFSSL_LOCAL int tsip_usable(const struct WOLFSSL *ssl,
uint8_t session_key_generated);
WOLFSSL_LOCAL void tsip_inform_sflash_signedcacert(
@ -631,13 +655,11 @@ WOLFSSL_LOCAL int wc_tsip_generatePremasterSecret(
word32 preSz);
WOLFSSL_LOCAL int wc_tsip_generateSessionKey(
WOLFSSL* ssl,
struct WOLFSSL* ssl,
TsipUserCtx* ctx,
int devId);
WOLFSSL_LOCAL int wc_tsip_MakeRsaKey(int size, void* ctx);
WOLFSSL_LOCAL int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info,
TsipUserCtx* tuc);
WOLFSSL_LOCAL int wc_tsip_GenerateRandBlock(byte* output, word32 size);

12
wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h
View File

@ -21,9 +21,14 @@
#ifndef __RENESAS_CMN_H__
#define __RENESAS_CMN_H__
#include <wolfssl/ssl.h>
#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
#include <wolfssl/internal.h>
/* Common Callbacks */
WOLFSSL_LOCAL int Renesas_cmn_RsaSignCb(WOLFSSL* ssl,
const unsigned char* in, unsigned int inSz,
@ -69,8 +74,6 @@ WOLFSSL_LOCAL int Renesas_cmn_SigPkCbEccVerify(const unsigned char* sig, unsigne
/* Common Methods */
WOLFSSL_LOCAL void* Renesas_cmn_GetCbCtxBydevId(int devId);
int wc_CryptoCb_CryptInitRenesasCmn(WOLFSSL* ssl, void* ctx);
void wc_CryptoCb_CleanupRenesasCmn(int* id);
int wc_Renesas_cmn_RootCertVerify(const byte* cert, word32 cert_len,
word32 key_n_start, word32 key_n_len, word32 key_e_start,
word32 key_e_len, word32 cm_row);
@ -80,4 +83,9 @@ WOLFSSL_LOCAL int Renesas_cmn_TlsFinished(WOLFSSL* ssl, const byte *side,
const byte *handshake_hash, word32 hashSz,
byte *hashes, void* ctx);
WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx);
#endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx);
void wc_CryptoCb_CleanupRenesasCmn(int* id);
#endif /* __RENESAS_CMN_H__ */

26
wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h
View File

@ -25,6 +25,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#if (!defined(NO_SHA) || !defined(NO_SHA256)) && \
!defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
@ -33,12 +34,6 @@ typedef enum {
TSIP_SHA256 = 1,
} TSIP_SHA_TYPE;
typedef enum {
TSIP_RSA2048,
TSIP_RSA4096,
TSIP_ECCP256,
} TSIP_KEY_TYPE;
typedef struct {
byte* msg;
void* heap;
@ -54,16 +49,27 @@ typedef struct {
/* RAW hash function APIs are not implemented with TSIP */
#define WOLFSSL_NO_HASH_RAW
#ifndef NO_SHA
typedef wolfssl_TSIP_Hash wc_Sha;
#if !defined(NO_SHA256)
#endif
#ifndef NO_SHA256
typedef wolfssl_TSIP_Hash wc_Sha256;
#endif
#endif /* NO_SHA */
#endif /* !NO_SHA || !NO_SHA256 */
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) ||\
typedef enum {
TSIP_RSA1024 = 1,
TSIP_RSA2048 = 2,
TSIP_RSA3072 = 3,
TSIP_RSA4096 = 4,
TSIP_ECCP256 = 5,
TSIP_ECCP384 = 6,
} TSIP_KEY_TYPE;
#if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) || \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
#include "r_tsip_rx_if.h"